Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Looking for operating system security steps that would be very difficult to hack

Posted on 2006-05-03
9
Medium Priority
?
320 Views
Last Modified: 2013-12-04
I understand that software is available to hack XP passwords, such as ElcomSoft Distributed Password Recovery.  I wish to secure my data, without threat of it being accessed.

Question:  Are there job steps that I could take to prevent my XP username and password from being comprimised by any such products, and is there some way to have reliable file encryption and/or password protected files such that they cannot be hacked by commercially available products?

0
Comment
Question by:SteveK777
7 Comments
 
LVL 16

Accepted Solution

by:
JammyPak earned 672 total points
ID: 16603603
3 simple tips:
- use a strong password: This will beat any dictionary accounts, and will make brute-force attacks impratical. Use minimum 8 chars, and a mix of upper/lower/numbers/symbols. Some people are also promoting the idea of a 'passphrase' instead of a password these days
- change your password from time to time: just in case :)
- physically secure your machine: a lot of tools (ex. l0phtcrack) require physical access to the sam database in order to crack it. If people can't get at your machine, it makes things more difficult for them.

If you follow these, IMO the native software (load SP2 on your XP) is sufficiently secure to make it very difficult to hack. If you work for the FBI or a Nuclear Agency or something like this, then you can spend big money to make things ultra-secure, but otherwise I wouldn't bother.

0
 
LVL 16

Expert Comment

by:JammyPak
ID: 16603609
ok, more tips:
- patch your machine
- run a firewall
- run AV

this will keep you (relatively) safe if/when exploits are discovered
0
 
LVL 6

Assisted Solution

by:CyberGhost
CyberGhost earned 664 total points
ID: 16606408
It's nothing as a secure Windows XP.
However, it's relatively safe to follow JammyPak's steps.

I would explain and expand several things from his commens here, as they might not be clear enough.

A strong password is good password. However, if you use the same password on every system, mailbox, Word file, toilet (just joking :-) or anywhere else, it's not as secure as it might look like.
Don't use same password for your personal poems written in Word and business e-mail, that might contain a lot of confidential information.
Don't use your name, date of birth or anything simmilar and guessable as your password.
A passphrase is a good thing to start with, I believe.

By patching your machine, a periodic run of Automatic Updates or Windows Update website visits are meant.
Windows XP with SP2 have firewall in it already, so it's a good thing to have. If you don't have firewall turned on, a popup balloon will appear during startup, saying that you don't have your firewall on and therefore you're vulnerable to hacks from the Internet.

AV means Antivirus software. There are loads of free such applications available all over the Internet. Most known might be AVG Free Edition, however, it's not as robust as NOD32 from ESET (www.eset.com).
NOD32, however, has only 30-days trial and then you have to pay.
I have used NOD32 for ages and from my personal experience, I might say that it's the best one to look for.

And at last - I wouldn't use Internet Explorer as a default browser, unless really neccessary, as it posses quite a threat for a computer security. Try downloading Firefox or Opera. At least Firefox is much safer to use than Internet Explorer.
MSIE (Internet Explorer) is probably the best tool for you - if you want to get a virus visiting your computer quite often.
This, however, depends on a way you use your computer. If you don't browse malicious websites, such as cracks and hacks websites, you are safe. Relatively... :-)

regards,
CyberGhost
0
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

 
LVL 4

Expert Comment

by:mrenos
ID: 16606580
This box will be networked with others in a LAN or it will be stand alown on the internet ?
If you are in a LAN, what are the jobs that others do with your computer ?

I think that you have to awnser to the above questions first and then to see how to protect your computer. Because there are services, shares etc that can be disabled/removed if you are not in a LAN.

Hope this helps a bit..
0
 

Author Comment

by:SteveK777
ID: 16607182
The machine is not networked but it is attached to a wireless router and the internet.  It is at SP2 and I am running Norton Professional Internet Security and AV.  I routinely check for patches for both XP and Norton.   My primary concern is that anyone with physical access to the machine not be able to access the files.  

JammyPak commented that "a lot of tools (ex. l0phtcrack) require physical access to the sam database in order to crack it. If people can't get at your machine, it makes things more difficult for them."  

JammyPak - If someone stole my machine, notwithstanding the strong passwords and SP2, does this mean that someone can run a commercially available product to circumvent my username and password, and if so, are there any steps I can take to prevent such an occurance?  The issue is that my machine is in a very remote area and if I am traveling, for example, it could be days until I even realized it was gone.  I am concerned to load sensitive data onto ithe machine unless and until I better understand how to protect the data.

Thanks in advance for your help.  
Steve
0
 
LVL 4

Assisted Solution

by:mrenos
mrenos earned 664 total points
ID: 16607562
My opinions based on my experience are 2.

First :
1. Create an account with a complicated and long password ( eg. 10 - 12 chars and not like this: if your name is mamamiathisispassword, create a password like m@m@m1@th1$1$p@ssw0rd )
2. Encrypt your data ( http://www.microsoft.com/windowsxp/using/security/learnmore/encryptdata.mspx )
3. Delete any other accounts that you might have in your computer
4. Rename the administrator account into a name like nsdfu093274nfds with a password also like jksfh9874fosdj that you have to remember :)
5. Close all the ports from the Norton Internet Security and leave only the ones that you want ( eg 80 for http,110 for pop access etc etc )
6. Don't tell anyone the above personal data or don't store them, besides your pocket.

Now, if some one steals your computer and try to unencrypt your data, with that long password, it will take a while..By then we are all going to be dead :)


Second:
Save all your sensitive data into a removable 2.5" USB HDD eg 60GB or the size that you believe that will fit your data. After that even if the stole your computer or get any kind of access into your pc, they will get nothing because all your data will be with you. When you get back home, plug in the disk and you will work, when you have to leave your house, unplug the disk and take it with you.
Keep in mind that
  a. The HDD is sensitive into the electromagnetic waves eg mobile phone etc. My suggestion is, if you don't have a large ammount of data, get your self a Flash memory disk with a size of 4GB and store there your data.
  b. The external disks cannot be formated into NTFS ( NTFS = file system that gives you the ability to encrypt your data ).

I recoment to select the second solution with the Flash memory disk, based on what you sayed ( The issue is that my machine is in a very remote area and if I am traveling, for example, it could be days until I even realized it was gone. ). Also because i suppose that you carry a bag with you always where you have your labtop and your papers. Inside there you can have your Flash memory or inside your pocket or with your keys.


That all i could tell you, i hope i helped a bit.
0
 
LVL 16

Expert Comment

by:JammyPak
ID: 16615187
"JammyPak - If someone stole my machine, notwithstanding the strong passwords and SP2, does this mean that someone can run a commercially available product to circumvent my username and password, and if so, are there any steps I can take to prevent such an occurance?"

- if someone physically has access to your machine, it makes it much more difficult to secure. For example, they could boot to a floppy and load a different OS in memory to read the drive. Or, they would remove your harddrive and add it to a different machine as a data drive. Now the logon password is irrelevant, and if the drive is unencrypted they will be able to mount it and read it.

Encrypting your drive will certainly help in this situation, but it's not unbeatable...

Read #3 of Microsoft's 10 laws of security:
http://www.microsoft.com/technet/archive/community/columns/security/essays/10imlaws.mspx?mfr=true
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question