Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows 7 lock down help


  • Please log in to reply
3 replies to this topic

#1 shadow_647

shadow_647

  • Banned
  • 1,430 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:46 PM

Posted 04 December 2016 - 12:55 PM

All my windows versions i all way lock em down,meaning massive mods to protect vs network attacks.

 

Mostly when it comes to win7 i just install and do a basic once over when its for others and forget, im still in winxp on my main system you see but XP getting old and the time to change to 7 is getting closer and closer, sadly win7 tends to get on my nerves but that's a topic for a another time.

 

Now when i do a netstat at the command line on my main box "winxp" with the mods i have you know what happens?

Thats right nothing ............ everything is off, every default windows service is disabled that uses a network, if i wanted i could surf the net with no firewall for a year with my setup and in bridged mode so no NAT and never get hacked.

 

Use to know someone way back when that use to use his computer with no firewalls in win98 all the time and never had problems too "all micro$oft ports closed"

 

Now of late im starting to do my homework on the win7 topic seeing as 50~60% of everyone is in win7.

 

So the question is this, anyone know how to close all default Microsoft service ports in win7 ?

This topic wasn't a problem in every version of windows older then vista but from the research iv done so far in newer versions of windows its not possible.

 

Has micro$oft pulled a fast one on network security topic once more ?



BC AdBot (Login to Remove)

 


#2 RolandJS

RolandJS

  • Members
  • 4,519 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:10:46 PM

Posted 04 December 2016 - 01:46 PM

The only answer I know to give you is:  Windows 7 Firewall.  It will reasonably protect your computer.  As long as you remember you are the most important and the most responsible component of security for your computer.  I know nothing about closing specific ports, all I know is: a well-layered defense, a responsible end-user, makes all the difference in the world -- no matter which ports are open and which ports are closed.


"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)


#3 shadow_647

shadow_647
  • Topic Starter

  • Banned
  • 1,430 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:46 PM

Posted 04 December 2016 - 06:34 PM

Here a link to a win7 DoS/net nuker attack that can't not be patched !

 

Found that after only like 5 min of searching for zero day attacks vs win7.

So only way to fix the problem is to disable ports 135~139 and 445, on my setup you can try that all day long if you want and nothing will happen seeing as the ports are disabled,if i need to move files around from one computer to the other i dont use Microsoft anything for it, i use secure opensorce 3rd party code.

 

Nov 12, 2009 3:17 PM PT

http://www.pcworld.com/article/182093/protect_pcs_from_windows_7_zero_day_exploit.html

 

Ya ok its old news but still, point is you never know when the next one is out in the wild and coming.

By disabling all Microsoft ports you make it that much harder for someone to attack the system.

 

As for the win7 defalt firewall, it dousen't do mouch for me, GUI for it is horrable and it takes way to meny clicks to get anywere.

 

Like to get full loging you have to do the following, sad.

https://www.youtube.com/watch?v=DNpObKhCIGU

 

A properly hardened PC will deny and deter attacker with layers of protection. Sometimes, depending on the vulnerability, it will be completely mitigated because that feature is turned off. Other times, a zero day vulnerability might enable an attacker to get in, but once inside, they will find a locked system, try to wreck something and leave. Their ultimate prize is to gain admin/system rights to your PC and totally control your system. With a hardened system, they won't reach their goal. And with security monitoring, even if they obtained admin rights, their victory will be short lived.

 

http://hardenwindows7forsecurity.com/Harden%20Windows%207%20Home%20Premium%2064bit%20-%20Standalone.html



#4 shadow_647

shadow_647
  • Topic Starter

  • Banned
  • 1,430 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:46 PM

Posted 04 December 2016 - 06:49 PM

Like here, this is from one of my firewalls and i could get the log in like 3~4 clicks and its a real time printout of whats going on, thing has full loging as well and i can go back in time if needed to see what the story is over the past week if i want.

1350833394_skrin-30.jpg

1350833398_skrin-31.jpg

 

 
 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users