There is no easy answer to this question because it depends on your
own individual situation. What we can say is that there are certainly
some things to watch out for.
- If you connect to the Internet without using a firewall, then the answer
is "probably not". Even if you do use a firewall, you may not be protected
from others on your own Local Area Network (LAN), because a perimeter
firewall sees nothing of traffic that never leaves the LAN. Whether you are
using dynamic or fixed IP addresses makes no difference; you are just as
vulnerable. We recommend a dedicated firewall device, such as a NAT router,
between your computers and the Internet. Software firewalls running on
non-dedicated computers are prone to software glitches and virus
infections, and XP's own firewall/Internet sharing software is no different.
DO NOT RELY ON THE MICROSOFT FIREWALL! We are not saying that you should
not use it, but take other common sense precautions as well.
- ALWAYS, ALWAYS, ALWAYS use a password to protect your login. By default,
Windows XP accounts have no password, and the Home Edition does not expose
the "built in" security of the NT File System (NTFS) in its normal user
interface. It also hides the "Administrator" account, but the account is
still there. You can get at both by starting the computer in safe mode
(press the F8 key as the computer is starting up). The disconcerting part
is that the "Administrator" account also has no password by default. Left
this way, anyone with physical access can boot your computer in safe mode,
log on as Administrator, and change all the passwords, thereby locking you
out of your own computer. Add a password to the Administrator account; even
a simple one is better than none, and a longer one is better still. This
account is your lifeline to your computer should something happen to your
regular account.
- Unlike previous operating systems, XP Home (and XP Professional not
configured to operate in a domain) does not require a password to connect
to a network share: with Simple File Sharing, every incoming network
connection is treated as the Guest account. By default, XP has one shared
directory called "SharedDocs". The physical location of this share is
"C:\Documents and Settings\All Users\Documents". This directory/folder (and
its sub directories) can be shared for "Read Only" or "Read/Write" access
on both the local machine and the network to which it is attached. By
default, XP activates NetBIOS over TCP/IP (NetBEUI is no longer included).
If the NetBIOS ports (137, 138 & 139) are not blocked by a firewall, that
same share is extended out over the Internet. Port 139 (and port 445, see
the note below) will then let anyone on the Internet read your shared
directory, and write to it as well if you have allowed network users to
change your files. It is strongly recommended that you do not allow access
to this directory. If you need to transfer files from one machine to
another, create a temporary share that you can shut down later. At least
this temporary share would not be in a known location for anyone scanning
the Internet with a script. For a little extra security, you can add a "$"
to the end of your share name to make it invisible. This does not prevent
someone who knows what they are doing from learning the name, but at least
it is not readily displayed in a network browse. We went one step further
to protect against accidentally opening up SharedDocs. We booted up in safe
mode and changed the NTFS permissions on the folder from "Everyone" to
"Administrators". That effectively denies access to anyone who is not an
administrator, whether they arrive over the network or log on locally.
- Note: SMB normally rides on the NetBIOS session service, TCP port 139
(ports 137 and 138 carry the NetBIOS name and datagram services). Starting
with Windows 2000/XP, Microsoft added a second path, "direct hosted" SMB on
TCP port 445, which is used when NetBIOS is not enabled or fails. There is
no Control Panel setting to turn it off (the registry value given further
down is the only way), so out of the box these operating systems answer
probes on both ports.
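To make the "scanning the Internet with a script" remark above concrete, here is an added example (not code from the original page) of the NetBIOS node-status query that a scanner fires at UDP port 137, the same request "nbtstat -A" sends. The reply lists the machine's NetBIOS names, and a unique name registered with the 0x20 suffix is the "File Server Service" that tells the scanner SharedDocs is there to be tried. The reply bytes used for the offline demonstration are constructed, not a real capture; the host name XPBOX, the workgroup and the MAC address are made up.

```python
"""NetBIOS node-status (NBSTAT) probe: what a port-137 scanner learns.

Added example, not part of the original page. The sample reply below is
constructed (fake host XPBOX in workgroup WORKGROUP, fake MAC address).
"""
import socket
import struct

NBSTAT = 0x21      # record type of a node status request/response
NAME_LEN = 16      # NetBIOS names are 16 bytes: 15 characters + 1 suffix byte

# Well-known suffix bytes and the service each one denotes.
SUFFIX_SERVICE = {
    0x00: "Workstation Service",
    0x03: "Messenger Service",
    0x20: "File Server Service",
    0x1B: "Domain Master Browser",
    0x1D: "Master Browser",
    0x1E: "Browser Service Elections",
}


def encode_netbios_name(name: bytes) -> bytes:
    """RFC 1001 first-level encoding: every byte becomes two letters A..P."""
    if len(name) != NAME_LEN:
        raise ValueError("NetBIOS name must be exactly 16 bytes")
    out = bytearray()
    for b in name:
        out.append(ord("A") + (b >> 4))
        out.append(ord("A") + (b & 0x0F))
    return bytes(out)


def build_node_status_request(txid: int) -> bytes:
    """Query for the wildcard name '*' (NUL padded), type NBSTAT, class IN."""
    header = struct.pack(">HHHHHH", txid, 0x0000, 1, 0, 0, 0)  # 1 question
    qname = b"\x20" + encode_netbios_name(b"*" + b"\x00" * 15) + b"\x00"
    return header + qname + struct.pack(">HH", NBSTAT, 0x0001)


def parse_node_status_response(data: bytes):
    """Return (names, mac) from an NBSTAT reply; one dict per registered name."""
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack(">HHHHHH", data[:12])
    if not flags & 0x8000 or ancount < 1:
        raise ValueError("not a response carrying an answer record")
    pos = 12
    while data[pos] != 0:                  # skip the label-encoded answer name
        pos += 1 + data[pos]
    pos += 1
    rtype, _rclass, _ttl, _rdlen = struct.unpack(">HHIH", data[pos:pos + 10])
    pos += 10
    if rtype != NBSTAT:
        raise ValueError("unexpected record type 0x%02x" % rtype)
    num_names, pos = data[pos], pos + 1
    names = []
    for _ in range(num_names):
        raw, suffix = data[pos:pos + 15], data[pos + 15]
        name_flags = struct.unpack(">H", data[pos + 16:pos + 18])[0]
        pos += 18
        names.append({
            "name": raw.rstrip(b" \x00").decode("ascii", "replace"),
            "suffix": suffix,
            "group": bool(name_flags & 0x8000),   # G bit: group vs unique name
            "service": SUFFIX_SERVICE.get(suffix, "other"),
        })
    mac = data[pos:pos + 6]                       # statistics block begins with the MAC
    return names, mac


def exposes_file_sharing(names) -> bool:
    """True when a unique name carries the 0x20 file-server suffix."""
    return any(n["suffix"] == 0x20 and not n["group"] for n in names)


def query_host(ip: str, timeout: float = 2.0):
    """Send the probe to a real host on UDP 137 (not used by the offline demo)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_node_status_request(0x1234), (ip, 137))
        data, _ = sock.recvfrom(1024)
    finally:
        sock.close()
    return parse_node_status_response(data)


def constructed_response(txid: int = 0x1234) -> bytes:
    """Constructed reply from a workgroup XP box named XPBOX with file sharing on."""
    header = struct.pack(">HHHHHH", txid, 0x8400, 0, 1, 0, 0)  # response, 1 answer
    rname = b"\x20" + encode_netbios_name(b"*" + b"\x00" * 15) + b"\x00"
    entries = [(b"XPBOX", 0x00, 0x0400),        # unique, active: workstation
               (b"WORKGROUP", 0x00, 0x8400),    # group, active: workgroup name
               (b"XPBOX", 0x20, 0x0400)]        # unique, active: file server
    rdata = bytes([len(entries)])
    for name, suffix, fl in entries:
        rdata += name.ljust(15, b" ") + bytes([suffix]) + struct.pack(">H", fl)
    rdata += bytes.fromhex("000c29aabbcc")       # made-up MAC address
    return header + rname + struct.pack(">HHIH", NBSTAT, 1, 0, len(rdata)) + rdata


if __name__ == "__main__":
    found, mac = parse_node_status_response(constructed_response())
    for n in found:
        kind = "group " if n["group"] else "unique"
        print("%-15s <%02X> %s  %s" % (n["name"], n["suffix"], kind, n["service"]))
    print("MAC", mac.hex(), "file sharing exposed:", exposes_file_sharing(found))
```

Blocking UDP 137 at the router stops this query cold; disabling NetBIOS over TCP/IP on the adapter does the same, but leaves port 445 answering until the registry change described further down is made.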
- Every TCP port that is in the listening mode is a potential security
risk! XP by default opens up a fairly hefty number. To find out what your
computer has open, go to the Command Prompt (Programs/Accessories) and type
in the following (-a includes listening sockets, -n keeps the addresses
numeric):
netstat -an
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1030           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:3001         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:3002         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:3003         0.0.0.0:0              LISTENING
  TCP    192.168.1.6:139        0.0.0.0:0              LISTENING
  TCP    192.168.1.6:3085       0.0.0.0:0              LISTENING
  UDP    0.0.0.0:135            *:*
  UDP    0.0.0.0:445            *:*
  UDP    0.0.0.0:500            *:*
  UDP    0.0.0.0:1027           *:*
  UDP    0.0.0.0:1031           *:*
  UDP    127.0.0.1:123          *:*
  UDP    127.0.0.1:1900         *:*
  UDP    192.168.1.6:123        *:*
  UDP    192.168.1.6:137        *:*
  UDP    192.168.1.6:138        *:*
  UDP    192.168.1.6:1900       *:*
Open ports in the listening mode are dangerous because they are potential
back doors into your computer. The "Local Address" column tells you who can
reach each one: 127.0.0.1 means only programs on this machine, your LAN
address (192.168.1.6 here) means anyone on that network, and 0.0.0.0 means
every interface, Internet connection included. This snapshot also does not
account for "SpyWare" which may briefly use a specific or random port to
report back to the mother ship.
- To find out what program is using a particular port, XP's netstat can
show the owning process: type "netstat -ano" and match the PID column
against the PID column in Task Manager (View/Select Columns). Failing that,
you can shut down the program or service and then repeat the command above;
if the program was using a particular port, that port will no longer be in
the list. But before you jump in there and start shutting down services,
you would be well advised to read the next section which deals with
non-essential services (and there are a lot of them). With a little bit of
work, you can get the open ports down to:
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.6:139        0.0.0.0:0              LISTENING
  UDP    192.168.1.6:137        *:*
  UDP    192.168.1.6:138        *:*
To remove port 445 and some mapped ports above 1023 that are dependent on
it, it is necessary to add a value to the registry which is not there by
default:
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
Value: SmbDeviceEnabled
Type: DWORD value (REG_DWORD)
Content: 0 (to disable)
Reboot for the change to take effect. This switches off the "Server
Message Block" transport on port 445, which was previously carried only
over NetBIOS on port 139. Do not confuse it with the Messenger service,
which is responsible for all those nasty text based pop-up windows (not
browser pop-ups) that appear from nowhere and arrive over these same
NetBIOS and RPC ports: turning the Messenger service off gets rid of the
messages, but not the ports. EDITING THE REGISTRY IS NOT RECOMMENDED FOR
THE INEXPERIENCED!
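Reading the two netstat listings above by eye is error prone, so here is an added example (not code from the original page) that audits "netstat -an" output the way the text does by hand: it keeps only UDP sockets and TCP listeners, works out from the Local Address who can reach each one, labels the well-known ports, and reports which reachable ports the hardening in this section removed. The two listings from this page are embedded as the sample input; the port descriptions are the standard assignments (135 RPC, 137-139 NetBIOS, 445 SMB, 500 IKE, 123 NTP, 1900/5000 UPnP), and anything above 1023 not in that table is treated as dynamic.

```python
"""Audit "netstat -an" output for listeners reachable from off the machine.

Added example, not part of the original page. BEFORE and AFTER are the
page's own two listings; WELL_KNOWN holds standard port assignments.
"""
import ipaddress

BEFORE = """
Active Connections
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1030           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:3001         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:3002         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:3003         0.0.0.0:0              LISTENING
  TCP    192.168.1.6:139        0.0.0.0:0              LISTENING
  TCP    192.168.1.6:3085       0.0.0.0:0              LISTENING
  UDP    0.0.0.0:135            *:*
  UDP    0.0.0.0:445            *:*
  UDP    0.0.0.0:500            *:*
  UDP    0.0.0.0:1027           *:*
  UDP    0.0.0.0:1031           *:*
  UDP    127.0.0.1:123          *:*
  UDP    127.0.0.1:1900         *:*
  UDP    192.168.1.6:123        *:*
  UDP    192.168.1.6:137        *:*
  UDP    192.168.1.6:138        *:*
  UDP    192.168.1.6:1900       *:*
"""

AFTER = """
Active Connections
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.6:139        0.0.0.0:0              LISTENING
  UDP    192.168.1.6:137        *:*
  UDP    192.168.1.6:138        *:*
"""

WELL_KNOWN = {
    123: "NTP (Windows Time)",
    135: "RPC endpoint mapper",
    137: "NetBIOS name service",
    138: "NetBIOS datagram service",
    139: "NetBIOS session service (SMB)",
    445: "direct-hosted SMB",
    500: "IKE (IPsec key exchange)",
    1900: "SSDP (UPnP discovery)",
    5000: "UPnP device host",
}


def parse_netstat(text: str):
    """Yield (proto, address, port) for every UDP socket and every TCP listener."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue                                  # banner, headers, blank lines
        if parts[0] == "TCP" and (len(parts) < 4 or parts[3] != "LISTENING"):
            continue                                  # established/closing TCP
        addr, port = parts[1].rsplit(":", 1)
        yield parts[0], addr, int(port)


def exposure(addr: str) -> str:
    """Who can reach a socket bound to this local address."""
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:
        return "all interfaces (Internet too, unless firewalled)"
    if ip.is_loopback:
        return "this machine only"
    return "LAN interface %s" % addr


def audit(text: str):
    """One row per socket with service name, reach and a reachable flag."""
    return [{
        "proto": proto, "addr": addr, "port": port,
        "service": WELL_KNOWN.get(port, "dynamic/unknown"),
        "exposure": exposure(addr),
        "reachable": not ipaddress.ip_address(addr).is_loopback,
    } for proto, addr, port in parse_netstat(text)]


def reachable_ports(text: str):
    """Set of (proto, port) that hosts other than this machine could hit."""
    return {(r["proto"], r["port"]) for r in audit(text) if r["reachable"]}


def removed_by_hardening(before: str, after: str):
    return sorted(reachable_ports(before) - reachable_ports(after))


if __name__ == "__main__":
    for r in audit(BEFORE):
        if r["reachable"]:
            print("%s %5d  %-30s %s" % (r["proto"], r["port"], r["service"], r["exposure"]))
    print("removed by hardening:", removed_by_hardening(BEFORE, AFTER))
```

Run it against a fresh "netstat -an" capture instead of BEFORE to see where your own machine stands; anything reported as reachable on "all interfaces" is what an Internet scanner sees if the router or firewall is not in the way.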
- The next step is to deal with non-essential services in XP.