
Security Best Practises



Hey good hak5 forumers, I made a 'Security Best Practises' document that kind of explains the answer to 'how do I secure my windoze machine', but since I was too lazy to make another document it's got a few more corporate-style practices in it as well. Anyway, let me know what you think and if I could add anything...


(It was a Word document originally, but I couldn't upload that, so here's a paste which works fine, apart from one hyperlink that doesn't work.)

Edited by iisjman07

Would like to add a few more things. But generally that's pretty much how I would secure my system.

Well done, you got 5 stars.


1) Enable WPA2 (WPA if not supported) and use a strong passphrase. If possible also use MAC address filtering.

2) Make sure your router has its firewall enabled and there are no open ports unless you enabled them.

3) Make sure the router has a non-default administrative access password.

4) Make sure it is using the latest firmware.

5) Use HTTPS instead of HTTP to secure the connection when doing administrative tasks.


1) Ensure you're using the latest version of your software (specifically QuickTime, iTunes, Java and your web browser, but everything else as well).

2) Replace Adobe Reader with Foxit Reader or another alternative.

3) If you don't need it, then for God's sake don't install Flash!

4) IMO, you should use Google Chrome for surfing the web, as it has a secure sandbox feature which makes it safer than other browsers.

5) Use VPN software to stop Wi-Fi packet sniffing.

6) Encrypt sensitive data (especially if moving it around on flash drives; maybe use full disk encryption).

7) Use web filtering software to prevent end users from surfing porn, torrents, etc. (I would personally use something like Squid or OpenDNS for web filtering, since some standalone software could be easily bypassed.)

8) Disable macros in MS Office.

9) Use VMs if you have to open/view untrusted web sites or attachments.

Operating System Security:

1) Use strong and un-guessable passwords (long, upper/lower case, numbers, symbols, random subject data).

2) If the end user doesn't need it, disable the support for USB flash drives (maybe possible through the BIOS, otherwise methods are discussed here or on Google).

3) Do not let Windows manage your logon password; use other secure means for authenticating. Programs such as pwdump could be used to extract the hashes.

4) Disable autorun for CDs/USBs.

5) Install antivirus/antispyware software, keep it up to date and scan frequently.

6) Make sure you have all the latest security updates and service packs (for Windows and Office).

7) Make sure the default administrator account has a password and it's hard to guess.

8) Use group policy to lock out things such as Task Manager, regedit, services, mmc, Internet Explorer accessing files/folders, etc.

9) Enable the Windows Firewall or install a Comodo Personal Firewall.
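A read-only audit script, added here as an example (it is not from the post or from the Hak5 forum), that checks a Windows host against several of the Operating System Security items above: autorun, USB storage, Task Manager/regedit lockout, Office macros, the firewall, and the built-in Administrator password requirement. It assumes PowerShell 5.1 or later on Windows 8/Server 2012 or newer; the Office "16.0" registry key is an assumption about the installed Office version.

```powershell
# Added example, not from the forum post. Read-only: it reports, it changes nothing.
# Assumes PowerShell 5.1+ on Windows 8/2012+; the Office 16.0 key is an assumption.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return the value, or $null when the key or value does not exist.
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}

$policies = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$admin    = Get-LocalUser -Name 'Administrator' -ErrorAction SilentlyContinue

$checks = @(
    @{ Item = 'Autorun disabled for all drive types (NoDriveTypeAutoRun = 0xFF)'
       Pass = (Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' 'NoDriveTypeAutoRun') -eq 255 },
    @{ Item = 'USB mass storage driver disabled (USBSTOR Start = 4)'
       Pass = (Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR' 'Start') -eq 4 },
    @{ Item = 'Task Manager locked out by policy'
       Pass = (Get-RegValue $policies 'DisableTaskMgr') -eq 1 },
    @{ Item = 'Registry editor locked out by policy'
       Pass = (Get-RegValue $policies 'DisableRegistryTools') -eq 1 },
    @{ Item = 'Word macros disabled without notification (VBAWarnings = 4, Office 16.0 assumed)'
       Pass = (Get-RegValue 'HKCU:\Software\Microsoft\Office\16.0\Word\Security' 'VBAWarnings') -eq 4 },
    @{ Item = 'Windows Firewall enabled on every profile (Domain/Private/Public)'
       Pass = ((Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' }).Count -eq 0) },
    @{ Item = 'Built-in Administrator account requires a password'
       Pass = ($null -ne $admin) -and $admin.PasswordRequired }
)

foreach ($c in $checks) {
    $status = if ($c.Pass) { 'PASS' } else { 'FAIL' }
    '{0}  {1}' -f $status, $c.Item
}
```

Run it in an elevated PowerShell session so the HKLM and firewall queries succeed; a FAIL line names the checklist item still to be applied.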
