Securing your Windows box is sometimes a very depressing exercise. It seems Redmond releases another security alert every six hours. But there are some common things you can do to beef up your protection.
- Do not run IIS – a web server (not running IIS) I know still gets ~20 Code Red-type hits/day from folks attached to cable and DSL modems who don’t even know they are running IIS.
- Do not run Active Directory
- Do not run SQL Server
- Do not use Outlook or Outlook Express
- If you do use Outlook/Express, turn off the preview pane. It automatically opens the e-mail at the top of your queue. This feature is a comfort to virus writers.
- Do get an SSH client for Windows.
- Do monitor your network connections with `netstat -an` at the command line.
- Do use passwords and read-only mode if you do file sharing (CIFS/SMB)
- Try to keep it behind a firewall and not directly attached to the Internet.
- Shut it off when you are done with it.
- Get antivirus software.
It’s easy to bust on Windows, but many of the things I’ve said above apply to Linux and UNIX boxes. The main lesson? Don’t run services you don’t need, and be prudent about what you do run!
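To make the `netstat -an` check above concrete, here is an added example (not part of the original post): a Python script that parses Windows `netstat -an` output and flags listeners on the default ports of the services named in the list. The sample output and the port table are constructed for illustration; a listening port only suggests a service and does not prove which program owns it.

```python
import re

# Assumed default ports for the services the list names; any can be moved.
WATCHED = {80: "HTTP (IIS default)", 443: "HTTPS (IIS default)",
           389: "LDAP (Active Directory)", 1433: "SQL Server",
           139: "NetBIOS session (SMB)", 445: "SMB/CIFS"}

# Constructed sample of Windows `netstat -an` output, not from a real host.
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1433         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49712     203.0.113.5:22         ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:500            *:*
"""

# Proto, local address, local port, foreign address, optional state (UDP has none).
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s*(\S*)\s*$")

def listeners(netstat_text):
    """Return sorted (proto, address, port) for TCP LISTENING and bound UDP sockets."""
    found = set()
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # banner, column header, blank line
        proto, addr, port, _foreign, state = m.groups()
        if proto == "UDP" or state == "LISTENING":
            found.add((proto, addr, int(port)))
    return sorted(found)

def review(netstat_text):
    """Return sorted (port, service guess, exposure) for watched TCP listeners."""
    findings = set()
    for proto, addr, port in listeners(netstat_text):
        if proto == "TCP" and port in WATCHED:
            local = addr in ("127.0.0.1", "[::1]")
            exposure = "loopback only" if local else "reachable from the network"
            findings.add((port, WATCHED[port], exposure))
    return sorted(findings)

if __name__ == "__main__":
    for port, service, exposure in review(SAMPLE):
        print(f"TCP {port:<5} {service:<26} {exposure}")
```

To check a real machine, save the output of `netstat -an` to a file and pass its contents to `review()` in place of `SAMPLE`.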