News  -  Press Releases  -  Chat Now  -  Forums  -  IRC Network  -  IRC Help  -  About ETG  -  Contact Us
   Currently On ETG  

 
   
General News  
ETG News - Recent
ETG News - Archives
Press Releases
Forums
About EnterTheGame  
Company Info
Employees
Contacts
EnterTheGame Realms  
Doom III
CounterStrike
Quake IV
Full Directory
IRC Network Information  
News
News Archive
Organizations
How To Join / Chat
ETG Rules & Policies
ETG`s Purpose / Mission
ETG`s Server List
Partners
Network Staff
Network Helpers
How To Join The Staff
How To Link a Server
IRC Help and Guides  
New User Guide
IRC Etiquette
FAQs & Resources
ChanServ Help
VHOST Info
Hostmask Help
mIRC Setup Info
Security
Chat With Admin
Scripting
Personal Computer Protection
Automatic Windows Updates
Check this security page for Windows Updates Information or #Security.
It is imperative that you perform windows updates and keep your operating system up to date. Set your system to download AND install updates automatically so you are always current! Update your system with critical/security updates when released to keep yourself free of possible vulnerabilities and exploits that are used to gain illegal access to machines that are NOT updated. These updates also protect you from worms/viruses that do the same. Updates are usually released the 2nd Tuesday of every month.

Windows 2003/XP/2k

Turn Automatic Windows Updates on via the Automatic Updates control panel applet, so your system updates itself as soon as updates/patches are released.
NOTE: If you do not have the Automatic Updates applet, you may need to perform Windows Update manually.
Click start > programs > Windows Update > do all Critical/Security updates
You can also reach the Windows Update site by typing the following in your address bar of your Internet Explorer browser: http://WindowsUpdate.Microsoft.com
Set your Automatic Windows Updates to download and install the updates daily when you know your computer will be on and online.

Windows 95/98/NT

These operating systems are no longer supported by Microsoft, you should probably upgrade if you can or unplug your network cable ]=)
AntiVirus Software
Check this security page for Virus alerts and updates or #Security
Keep current Anti-virus software installed, up to date, and running at all times. New viruses are created every day, and you need to keep your DAT (virus definition) files updated for whatever software package you are using.
Suggestions: McAfee, Norton, Kaspersky, Sophos, TrendMicro, Panda, Bit Defender.
Set your Anti-Virus software to update automatically
Set your Anti-Virus software to run full system scans automatically
If you think or know you are infected with a virus, you should update your virus scanner and run a full system scan.
If you do not have antivirus software installed, ask for additional help in #Security, or you can use a free online virus scanner.
Free Online Virus scanners:

Firewalls
Firewalls will help secure your machine and repel worms/viruses/hackers/etc. They will significantly help with stopping malicious programs and people who want to illegally gain access to your system or cause it/you harm.

Windows software firewalls:
Sygate Firewall / Sygate Firewall Pro

Highly recommended for home users. Process and application blocking. Highly configurable, nice added features and protection, custom rule sets for applications, single IP or ranges. Logging feature is nice, easy to understand, in English unlike Zone Alarm. Good choice for professionals or internet savvy users who want to know what is going on and want to be stealthed and protected from intruders and the like.

Zone Alarm

Popular at-home firewall. Lots of options like Sygate, and advanced rules available. Process and application blocking like Sygate. Highly configurable also. Log messages don’t make as much sense as Sygate. Still a good choice.

Norton Personal Firewall 2005

It is a basic firewall that is designed for the average PC user who is not that computer savvy. Thus the configuration is very, very easy (you just download and follow instructions). Interface is easy to understand and intuitive, with popups to inform the user of its actions. The simple interface just allows one to simply turn on and off updates, blocking traffic, ad blocking, etc... For users who are more computer savvy and won`t more control for their firewall it isn`t recommended. For all other users it is a great choice for your desktop PC.

E-Trust EZ Firewall (zone alarm clone)

This is zone alarm, with a different name. Good for the average PC user at home, though I would recommend Sygate over it for better understanding of what is ‘going on’.

BlackIce PC Protection

Another good firewall for basic internet users, not recommended for professionals. Rather intuitive and easy to understand and use. Previous reports suggested this ‘firewall’ did not perform as it should.

Armor 2 Net Personal Firewall

Interface is not as flexible as others, it seems to be popular, but I don’t know why. Intuitive and more of a package, blocking popups, spyware, etc, while performing firewall actions at the same time. Not recommended for professionals.

Mcafee Personal Firewall Plus

Unable to install and use at this time. I have used this firewall previously on another computer. It is for the basic internet user that is not savvy, and doesn’t want to be.

Kerio Winroute

Highly configurable, highly robust firewall for both desktops and servers. A degree of professionalism and networking/security knowledge is assumed in the user. Somewhat intuitive, nice interface, many options.

Agnitum Outpost

Another good choice. Many options, nice interface, also somewhat intuitive. Similar features to Winroute. Robust and configurable, nice interface and alerts display.

InJoy

User friendly and somewhat intuitive. Must start server service first, then start GUI if you want to be able to see what is going on in the pretty interface (2 step process, but worth it). Easy to configure, and nice interface. You can even customize the palette. Somewhat robust with ability to modify GUI as you please, add/remove features as well as colors.

Tiny Personal Firewall

Not as user friendly or aesthetically pleasing as others. Unable to turn firewall on/off by right clicking an icon. Less intuitive, but with good control over options. This is definitely not for the typical PC user. It offers process monitoring, and port monitoring in addition to firewall service. However process/port monitoring software can be downloaded for free. Not necessary in a firewall package I would pay extra for, but nice to have.

Visnetic Firewall

Easy to configure. The interface is simple. User friendly and intuitive, but with less control/power over the firewall itself.
Linux firewall

IPtables is commonly used as the Linux firewall solution. There are a few front-ends you can use with it, but they aren’t necessary. IPtables runs on your Linux machine, and should be set to run every time the computer starts. Nowadays it’s built into the kernel, and it’s easy to learn and use. It is more secure to use a drop policy for your INPUT and FORWARD chains, and don’t have rules allowing things you don’t need. Rules are setup one line at a time. Each set of rules (firewall) can be different depending on what your computer/server is going to be doing, connecting to, or allowing to connect to it. If you need help, ask in #Security or #Linux or check http://www.google.com

Hardware firewall

If you have some money on the side, you can invest in a hardware firewall that can act as an IDS (Intrusion Detection System) and in some cases an IPS (Intrusion Prevention System, an IDS with brains) at the same time. PIX firewalls, made by Cisco, are fairly inexpensive, or you can buy another piece of hardware, or you can invest some time in learning how to configure a Linux box and having IT act as your router and firewall. You have a plethora of options.
Disable Unnecessary Windows Services
Disable unnecessary services and things that you do not need running in the background that may pose a security risk to your system. Be CAREFULL what you disable, and disable at your own risk.
Windows XP Services - http://www.blackviper.com/WinXP/servicecfg.htm

Windows 2000 Services - http://www.blackviper.com/WIN2K/servicecfg.htm

Some of the following tools allow you to disable services with the use of small programs from www.GRC.com If you would prefer to read over them yourself and download them directly from the website, go to www.GRC.com on the bottom click on ‘free stuff’. I have not run into any problems with either of these pieces of software but use them at your own risk.

Disable DCOM - http://www.grc.com/files/dcombob.exe

What it does:
Ever since Windows 98, a powerful, but unnecessary and rarely used facility known as DCOM (Distributed Component Object Model) has been an integral part of Windows. The DCOMbobulator checks the effectiveness of Microsoft`s security patches and allows the user to increase the security of their system by simply turning DCOM off. Your antivirus program might pick this up as a virus, it’s not, I assure you. If you want to turn it off manually, search your registry for ‘EnableDCOM’, and change the key’s entry from ‘yes’ to ‘no’, and exit the registry editor.

Disable Universal Plug & Play - http://www.grc.com/files/unpnp.exe

What it does:
At the end of 2001, Microsoft revealed a critical defect in Windows XP and ME: Windows` Universal Plug and Play service (UPnP) would allow a malicious hacker to remotely take over any system that was running and exposing the UPnP service to the Internet. This UnPlug n` Pray utility lets anyone check for the presence of the dangerous UPnP service in their system, then easily and safely enable and disable it as needed.

Disable Messenger Service - http://www.grc.com/files/shootthemessenger.exe

What it does:
Windows NT, 2000, and XP hide a hidden Internet server that is running by default. It receives and accepts, among other things, unsolicited network messages that cause pop-up dialog boxes to appear on the desktop. Internet Spammers have discovered this and are spraying pop-up Spam across the Internet. The Windows Messenger server should never have been running by default, and Microsoft has finally fixed that in Windows 2003, but users of previous Windows need to take responsibility for these themselves.

Disable WinXP/2k Raw Sockets - http://www.grc.com/files/socketlock.exe

What it does:
As part of my struggle to convince Microsoft not to ship Windows XP with full raw sockets, I created this "SocketLock" utility. It easily enables and disables the system`s raw socket capabilities to show that, contrary to Microsoft`s claims, raw sockets are not, and never were, needed by any applications or users.

Disable Routing and Remote Access

What it does:
Offers routing services to businesses in local area and wide area network environments.
Disable this through the Services applet in the control panel, also accessed by right clicking ‘my computer’ and going to ‘manage’ then ‘services’ > services and applications.

Disable Remote Registry Service

What it does:
Enables remote users to modify registry settings, if disabled, the registry can be modified only by users on the computer.
Disable this through the Services applet in the control panel, also accessed by right clicking ‘my computer’ > ‘manage’ > `services’ > services and applications.

Disable NetBIOS over TCP/IP

You do not need NetBIOS on for your computer to work, and it has been found to lead to multiple vulnerabilities and exploits. You can easily disable NetBIOS over TCP/IP by going to the properties of your connection > TCP/IP > advanced > Wins tab > disable NetBIOS over TCP/IP.

Disable Remote Desktop and Remote Assistance

If you do not need them on, disable them. Right click My Computer > left click Properties > click Remote > uncheck both boxes.

Disable File and Printer sharing

If you do not need file and printer sharing on, disable/remote it. Right click My Network places, left click Properties, Right click your connection, left click properties, uncheck File and Printer sharing, or click that line and click ‘uninstall’.
Local Security Settings

The NSA has come out with suggested Local Security Settings for XP/2000/2003 operating systems, a link to them can be found here with more information:
http://nsa1.www.conxion.com/index.html
Local security settings are accessed by Right clicking My Computer, and clicking Manage, OR clicking Start > Programs > Administrative Tools > Local Security Policy Be careful what you set, and set these settings at your own risk.

Unix/Linux
  • A minimalistic approach is the most secure approach for running a system.
  • An onion approach is the best for security practices.
  • Focus on keeping people out, first.
  • Disable services/etc you are not using and don’t need.
  • Secure the services/etc you are going to use and run.
  • Keep your services and daemons up to date.
  • Chroot things.
  • Run a password cracker over your system accounts for a few days now and then to see if you can be broken easily.
  • Run a vulnerability scanner and nmap yourself to see what others can detect.
  • Close ports you don’t need open.
  • Audit successful and failed logins.
  • Run strict IPtables with default Policy rules of REJECT or DROP
  • Secure SSH:
    Edit your /etc/ssh/sshd_config with the following settings:
    Protocol 2
    PermitRootLogin no
    PermitEmptyPasswords no
  • Configure FTP in the same fashion.
  • F Watch for kernel updates and updates to the software you use.
  • Edit your kernel config and remove unnecessary drivers and services that you do not need or use.
  • Remove any startup scripts you do not need, usually in /etc/rc.d
  • Edit your /etc/rc.conf so that you are not running unnecessary processes at startup such as InetD/FTP/etc that you do not need open.
  • To view what ports you currently have open, type ‘sockstat -4’
  • To view running processes, type: ‘ps aux’ or ‘ps ef’ (etc)
  • To view top processes by cpu cycle, etc, type: `top`
  • To view processes and their paths, use: lsof -i (etc)
  • You may want to run programs like PortSentry, Logcheck, Logwatch, Tripwire, RKhunter, and ChkRootkit in cron.
Last Updated: May 13th, 2005 - By: atomics
Other Site News
Hurricane Sandy & Channel Se...
ETG Celebrates 13 Years!
DNS Outage
Maint on PA Server
IRC is getting an UPGRADE!
MD Server Maint
New Feature for Approved Egg...
Eggdrop Issues
ETG Celebrates 10 Years!!!
Reserved Nicknames
New Security System Enabled
Happy 9th Birthday ETG!
Major Network Maint TODAY!
UT3 Developer Chat TODAY!!!
9/11 Remembered
In The Forums
Site design and contents copyright (c) EnterTheGame & Excelsior Media Studios, Inc. 1999-2017
No portion of this site or any content on it can be copied or otherwise used/reproduced elsewhere without explicit permission by Excelsior Media Studios, Inc.
Site Coded/Constructed/Designed by Dave Sherman @ Excelsior Media Studios, inc.
Original Site Concept & Design by Callidus @ Digital Impurity - www.digitalimpurity.com