SecurityGuy.org

If you ever wanted to disable the use of USB storage devices at your organization, like USB flash drives or external hard drives, this article is for you.

Look no further. You can do it with the built-in tools you have in your Active Directory environment.
First, download the Group Policy Management Console here. Install it.

To prevent users from using usb drives, you will need USB block ADM file (98).

To prevent users from writing to usb drives, you will need USB write protect ADM (77).
read more »

This is the second video on securing Windows XP for home use - for advanced users.

P.S. You may want to watch it in “full screen” mode.

Video: Secure Windows XP - tutorial that teaches you how to secure your home or business computer.

Please check back for more advanced guides.

P.S. You may want to watch it in “full screen” mode.

Well, I have searched long and wide, could not find better structured article on browser security.

Just head over at http://www.cert.org/tech_tips/securing_browser/ and do what Will Dormann and Jason Rafail tell you.

Best of luck!

Usually, when you install Windows(tm), after installation you’re granted with Admin rights - very convenient to install programs initially, and configure your system.

What people don’t do afterwards, is create a user with Guest priviledge and use it for their daily tasks!

So what you should do?

Once all your applications are installed and your system is fully configured with drivers etc, click on Start - > Run - > type lusrmgr.msc, press Enter, right-click on Users, create a new user, choose a nice password for it, Clear the check-box “User must change password at next log on” . OK. Next, right-click on the user you created, choose Properties, click on the Member of tab, remove Users group, click Add, type Guests in the box, click Ok.
Right-click on the Admistrative user you used until now - be it Administrator and/or other user you selected during installation - and set a long, nice, hard to guess password for it using “Reset Password”. Make up something like “thisisalongandeasytorememberpassword” - some sentence only you know and will never forget, but is impossible for others to guess.

Next time you log in to Windows, choose the Low-priv account you created, and use it for your daily tasks - browsing, working, etc - when you need to perform any administrative tasks, just right-click on an installation file or other executable, choose “Run As”, and type in your Administrative credentials.

Done!

We’ve seen multiple exploits, when the users visits a malicious web site, and next the whole organization is compromised, the data is leaked, business loses A LOT of money.

So, what are we going to do? Use Linux? Yeah, like there are no exploits for all Linux browsers, including the console based Lynx… yes, text only browsing is dangerous too!

Let’s imagine most our users are admins on their own machines. Or even Power users. Dangerous situation. What would I do? Run IE as… Guest! This is isolating internet explorer for safe browsing.

Here’s the How-To:
Start - > Run - > type lusrmgr.msc, press Enter, right-click on Users, create a new user, choose a nice password for it, Clear the check-box “User must change password at next log on” - this account will be used only for running your internet facing applications like Internet Explorer, Firefox, Outlook, etc.

Next, right-click on the user you created, choose Properties, click on the Member of tab, remove Users group, click Add, type Guests in the box, click Ok.

To create a shortcut on the Desktop for the new Internet Explorer instance, right-click on the Desktop, choose New -> Shortcut, in the field for the program paste this (where newuser is the username of the user you created previously):
runas /user:newuser “c:\Program Files\Internet Explorer\iexplore.exe”
Press Next, when it asks for a name for the new shortcut, type Inernet Explorer, press Next, done.
For Firefox: runas /user:newuser “c:\Program Files\Mozilla Firefox\firefox.exe”

The icon is not pretty, I know. Right-click on it, choose Properties, Change Icon, and choose a nice icon, maybe even the Internet Explorer one at the end of the list.

Update: This does not work with IE7 in Vista, so to run IE7 as Guest, you will need to login with your new user. That is actually much better, as it will protect you from other threats from internet facing programs you run.

Well this one will be a short one.

Wanted to bring to your attention a program I’m using for a long time on my personal computers and in my work - “Security and Privacy Complete”. I know, I know, name sounds like crappy shareware useless app, but it’s not.

It is an opensource project hosted at SourceForge.net, http://sourceforge.net/projects/cmia/

Now, WARNING. If you are not sure about an option, do NOT check or uncheck it. I could show you the settings I use, but it is possible that in your situation you will need something else. Hover your mouse over the setting, read the balloon tip that shows up, if you understand it - decide on the setting. Google it if you don’t understand it.

First run: There is a button, Create a Backup. USE IT. You can restore from backup later, using the “Restore from backup” button. Do not change any settings before you have created a backup!

Direct download link: here

Settings explained: 
http://cmia.backtrace.org/en_system.html  
http://cmia.backtrace.org/en_sicherheit.html 
http://cmia.backtrace.org/en_dienste.html
http://cmia.backtrace.org/en_media.html
http://cmia.backtrace.org/en_iex.html
http://cmia.backtrace.org/en_firefox.html