SECURE YOUR WINDOWS LAPTOP [  ]

S.M.Virus

⚜️ So, guy's I'm Newbie.

♻️ Here I'm with an article about securing your alaptop which OS is Windows.

🌀 So Let's Start

▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬

🧿 Now-a-days laptops are part of our life. We carry laptops almost everywhere for our

work, connect it to different networks and store our sensitive information on it. But we

hardly care about the security of our laptop and that opens the door for an intruder to

attack or steal sensitive data from it. An insecure laptop is susceptible to the following

security risks:

🌀 An attack to the laptop due to known vulnerabilities of Windows

🌀 A Virus/Worm hit can paralyze your laptop

🌀 Spywares installed on the laptop can steal your sensitive information

🌀 An attacker can try network based attack to hack into your laptop

🌀 Anybody can view/delete/modify your important files

🌀 Malicious scripts embedded in the web pages can damage the laptop

🌀 Easy to compromise the laptop due to insecure OS settings

🌀 Attacker can use brute force/dictionary attack to break your weak password

🌀 Insecure share in your laptop can be used to implant virus/worm/trojans

🌀 An attacker can sniff your sensitive information from an insecure WLAN

▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬

🧿 Three easy ways to protect your laptop are:

🔰 Secure your laptop OS -

🌀 Install OS with advanced security features and latest service packs.

🌀 Update the laptop with Windows Update.

🌀 Use only secure NTFS file system.

🌀 Protect your sensitive data with Encrypted File System (EFS).

🌀 Secure Internet Explorer’s settings.

🌀 Disable non-essential services running on your laptop.

🌀 Tweak the security options for optimum security.

🌀 Configure strong password and account policy settings.

🌀 Secure the shares in your laptop.

▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬

🔰 Reduce the surface of attack -

🌀 Install a personal firewall.

🌀 Install Antivirus and update it with latest virus definitions.

🌀 Install anti-spyware software to prevent spying.

🌀 Paladion Networks 2

▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬

🔰 Other security measures -

🌀 Secure the Wireless LAN.

🌀 Physically secure your laptop.

▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬

🧿 Install OS with advanced security features and latest service packs

🔰 All Windows Operating Systems do not have the same level of security features. You

should choose latest Windows OS which has security features built in. It is not

recommended to use the following OS in your laptop:

🌀 Windows 95

🌀 Windows 98

🌀 Windows Me

🧿 If you’re installing a flavor of Windows, install only the following versions:

🌀 Windows 2000 Professional

🌀 Windows XP Professional

🧿 Use Windows XP Professional rather than Windows XP Home Edition. Windows XP Home

▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬

🧿 Edition lacks many essential features (like EFS) which are present in Windows XP

Professional. When you are buying a new laptop, remember to choose Windows XP

Professional as your laptop OS.

🧿 Next step is to install the latest service pack for your laptop OS. A Windows service pack adds new features (including security features) to your OS and also installs latestsecurity patches of Windows. Service pack protects your laptop from new vulnerabilities that were released till the release date of the service pack. Download the latest service pack for your Windows OS from orignial Windos Site. Backup all your essential data before installing a service pack. During the installation of service packs, always choose “Archive files” option so that you can uninstall the servicepack later in case of any problems.

▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬

🧿 Update the laptop with Windows Update

Everyday, attackers are coming with new exploits in the form of Worm or Virus when a

new vulnerability is found. The number of days between the reporting of a vulnerability

and the release of an exploit are decreasing day by day.

🧿 For example, the RPC/DCOM vulnerability was reported to Microsoft on 1st July 2003.

🧿 Microsoft released a patch (MS03-026) for this vulnerability on 16th July. A group called

🧿 X-focus released an exploit code to the public on 25th July and the worm Blaster hit the

world on 11th August 2003 exploiting this vulnerability. That’s less than 6 weeks between

the vulnerability being reported and the arrival of a worm.

▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬

🧿 Paladion Networks 3

🌀 It is important up-to-date your Windows OS with the latest security patches. It can be

achieved by using Windows Update feature.

🌀 You can manually update your Windows OS easily if you have an internet connection.

🌀 Type the following URL in your web browser and follow the instructions in the webpage

to update Windows. http://windowsupdate.microsoft.com

🌀 If you don’t have an internet connection, you can download the patches from the

following website to another machine, copy those patches to your laptop and install them

manually. http://www.microsoft.com/technet/security/current.aspx

🌀 You can also configure your Windows OS to download and install patches in the laptop

automatically without your intervention. To keep your laptop updated using Windows

🌀 Automatic Update please refer to the Appendix.

▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬

🧿 Use only secure NTFS file system

🌀 Windows NTFS file system provides file and folder level security. You can protect your

important data using NTFS permission so that unauthorized users cannot access it.

🌀 During the installation of Windows OS, format all the partitions of your laptop using NTFS. If you have existing FAT/FAT32 partition(s) on the laptop, you can convert it to

🌀 NTFS without destroying your existing data using the convert command. To convert

your FAT/FAT32 partition in NTFS, please refer to the Appendix.

▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬

🧿 Protect your sensitive data with EFS

🌀 EFS (Encrypted File System)1 is a powerful security feature of NTFS file system in

Windows 2000 and XP Professional that can be used for computers that plug in to a

domain. Using this feature you can encrypt and secure your sensitive data. EFS can be

implemented at file level and folder level. If you implement EFS at folder level, all files

inside the folder will be encrypted using EFS. After encrypting a file or folder using EFS

only you can open it with your login. Unauthorized users will not able to access your

data. Even if your laptop is stolen; your sensitive data will be protected form disclosure.

To protect your important data using EFS see the Appendix.