MAKING YOUR WINDOWS PC MORE PRIVATE AND SECURE
Valhallen has kindly allowed the TAZ to host this paper of his
on our site.
You can find the original tutorial here:
http://www.antionline.com/showthread.php?s=&threadid=253274
The majority of people arriving on these forums do so for one of 2
reasons.
1. They want to be l337 hack0rs
2. They are worried about their privacy &/or Security online
Hopefully those who fall into the first category will be either shown
the faults in their ways or promptly kicked out the door.
For the other group this is a quick Tut to help you start down the long
road to ensuring your own safety and privacy online.
I am going to break this down into 2 sections: Privacy & Security.
There may be some slight overlaps as they are very closely related but I
will try my best not to repeat myself too much too much! Hehe
Web Bugs
Ok a web bug is like a tracking device almost. A way to eavesdrop on
people and what sites they are visiting. It is normally a 1x1 clear
.gif, which is put on a webpage to track visitors to that particular
page. They can also be placed in emails, which leads to much bigger
problems. I'll look at each type separately in a minute.
But how does it work? A web bug is placed on a different server to the
rest of the page. When you request that page you also request the bug,
even though you cannot see it. From this the owner of the bug can
acquire different info about the person who requested the bug.
Eg
Browser requests page >> page loads containing bug >> bug
loaded from separate server >> user’s information recorded by
server
Ok will talk about the 2 main types now that you have a basic idea of
what they are.
Web bugs on Websites :::
Not all transparent .gifs are web bugs – it is common practice on some
sites to use transparent .gifs to help align different page elements.
As you can’t see them they can be used to space out objects etc without
you knowing they are there.
What info can it record about you?
- The IP address of the computer that fetched the Web bug
- The URL of the page that the Web bug is located on
- The URL of the Web bug image, which contains the information to be
  communicated between the Web page visited and the site collecting the
  data
- The time the Web bug was viewed
- The type of browser that fetched the Web bug image
- A previously set cookie value
Taken from http://www.bugnosis.org/faq.html
So how can you protect yourself – well you could disable the displaying
of images in your browser but that would make surfing a lil dull. The
site listed above tho offers a prog called Bugnosis, which can be used
to spot bugs on pages.
Or you could use a Proxy server or similar services (will discuss later
in this tut)
Web bugs in Emails
IMHO these are the nastier of the 2 types of bugs cause when you view a
HTML email containing a bug it is like sending up a flare to spammers
telling them that your email is an active address.
What do I mean by this? Well some spammers may send out thousands of
emails to different email addresses without knowing if they are
reaching anyone or not.
They might try J.doe123@hotmail.com, J.doe124@hotmail.com,
J.doe125@hotmail.com and so on
But when you view the email it requests the bug from the spammer's
server, so they then know that the email was opened by someone, so that
email address must belong to someone and be active.
So how can you prevent this? Well set up your Spam filters on your
email account as this should help stop some from getting through. Or
disable HTML email so that you can only view it as text. This may look
messy but if you want to view it as it was meant to be seen simply
copy&paste the text into a new txt file and save with the extension
.html – do not view it in your browser, however, until you are offline,
as opening it while connected to the Internet will still send up the
flare. You won't be able to view any of the other images etc but it
might make it slightly easier to read.
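A way to spot likely web bugs in a saved page or HTML email before opening it, written for both web bug sections above. This is an added example, not code from the original tutorial or from Bugnosis; the sample HTML, the .example hosts and the heuristic itself (third-party image that is invisible or carries data in its URL) are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: an HTML e-mail body (all hosts are placeholders).
SAMPLE_EMAIL = """<p>Big savings inside!</p>
<img src="cid:logo@mailer" width="200" height="50">
<img src="http://img.mailer.example/banner.jpg" width="600" height="120">
<img src="http://track.mailer.example/o.gif?rcpt=J.doe123" width="1" height="1">"""
# Constructed sample: part of a page served by www.shop.example.
SAMPLE_PAGE = """<img src="/img/spacer.gif" width="1" height="1">
<img src="http://www.shop.example/img/clear.gif" width="1" height="1">
<img src="http://stats.adnet.example/b.gif?page=checkout" style="display: none">"""

class ImgCollector(HTMLParser):
    """Collect the attributes of every <img> tag in a document."""
    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append({k: (v or "") for k, v in attrs})

def _invisible(img):
    """True when the image is declared 0x0/1x1 or hidden with CSS."""
    dims = [img.get(k, "").strip().rstrip("px") for k in ("width", "height")]
    style = img.get("style", "").replace(" ", "").lower()
    return all(d in ("0", "1") for d in dims) or "display:none" in style

def find_web_bugs(html, first_party_host=None):
    """Return [(url, reasons)] for images that look like web bugs.
    first_party_host=None means e-mail: every remote image is third party."""
    parser = ImgCollector()
    parser.feed(html)
    findings = []
    for img in parser.images:
        url = urlsplit(img.get("src", ""))
        if not url.hostname:
            continue  # cid:, data: and relative URLs reach no third party
        if first_party_host and url.hostname == first_party_host.lower():
            continue  # same-server spacer .gif used for layout
        reasons = ["third-party host " + url.hostname]
        if _invisible(img):
            reasons.append("invisible (1x1 or hidden)")
        if url.query:
            reasons.append("data in URL: " + url.query)
        if len(reasons) > 1:
            findings.append((url.geturl(), reasons))
    return findings
```

Same-server 1x1 spacer .gifs are skipped on purpose, and a visible remote banner with no data in its URL is not reported, although fetching it still reveals your IP address and the time of the request.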
Betrayed by your browser
You can see the kind of information your browser is giving away every
time you visit a website by checking here ->
http://www.privacy.net/analyze/
Even with a firewall etc up and running this kind of information is
freely available for anyone who wants it.
One way you can help keep some of your information private (such as
your IP address) is to use a proxy server. A proxy server is kind of
like a middleman. It sends the information back and forward between
your browser and the web server keeping you hidden. Like this
You request page >> proxy server >> Web server
Web server sends page >> proxy server >> You
For example the traceroute performed above on privacy.org managed to
get pretty close to my actual location as I live in a major city in
Scotland but when I activated my proxy settings and revisited the page
it died out somewhere near India
Proxies are by no means foolproof but they can provide an extra layer
of privacy. But they may come at the cost of your connection speed.
A quick search in Google should turn up more than enough public proxy
servers to keep you happy!!
But how to use them once you have an IP for the server??
Well I'm an Opera user so will give you the how to for it but it should
be much the same for all browsers
1. Go to File >> Preferences (or press Alt+P)
2. Click on Network down the left-hand side
3. Choose Proxy Servers
4. Enter the IP and port in the new window that opens
5. Tick the services that you wish to use the proxy for (normal browsing
   is http)
6. Exit out of Preferences by hitting OK
Although not free you can also use products or services such as
anonymizer (http://www.anonymizer.com/) to try and protect yourself as
well.
Ok now moving on….so you have protected your privacy some but now what
about stopping those evil kiddies from breaking in? Well if like me
you're on a tight budget there is a whole host of freeware &
shareware tools out there to help you secure your PC so let's go through
what you need.
Ok first of all let's shut down some holes you might have in your
system by default.
The first is the Windows Messenger Service. This is not an IM
(Instant Message) client like MSN or AIM but is used to send pop-up
boxes and the like across networks and over the internet. Originally
included so that network admins could notify people when tasks have been
completed etc, it is now used by spammers to invade your PC and send you
even more ads.
Unless you need this service, which you prolly won't on a home network,
then shut it down. This can be done by hand but I want to provide the
easiest way possible of getting your computer secured in this tutorial
so check out this page ->
http://www.grc.com/stm/shootthemessenger.htm for more
information and also a download to close off the port automatically for
you.
NetBIOS
There is an excellent tut on AO with regards to NetBIOS hacking written
by rioter. So good in fact that it has been ripped off by several other
sites and even translated into Chinese – lol
Well they do say that copying is the biggest form of flattery!! Don't
think rioter thinks so tho! heh
Unless you need these ports open then I suggest you also close them off
as well. Once again grc provides a handy tool to do just this. You can
read more information on it here ->
http://grc.com/faq-shieldsup.htm or download the prog here
-> http://grc.com/freepopular.htm it's about halfway down,
named noshare.exe
Ok so you have closed down some ports, now let's be doubly sure by
installing a firewall. There are several different free firewalls out
there but personally I like Outpost ->
http://www.agnitum.com/products/outpost/
The basic edition is free and easy to use and does anything you could
need – it also contains a built in ad-blocker, which is nice!
Just download the file, install it and only grant access to those
programs you are sure of.
But what about spyware? Trojans? And virii??
Well first of all let's see if we can't give Outpost a little hand in
blocking some of those ads – by altering your hosts file you can block
some domains that ads originate from.
You can find a lot more information on your hosts file – what it is and
how it can help you stop ads – here ->
http://www.accs-net.com/hosts/
as well as download a hosts file containing a huge list of known ad
domains.
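How a blocking hosts file is read, and what it does and does not cover. This is an added example, not part of the original tutorial or of the hosts file offered at the site above; the sample file and its .example domains are constructed, and the function names are made up for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample hosts file; every domain is a placeholder.
SAMPLE_HOSTS = """\
# ad servers
127.0.0.1   localhost
127.0.0.1   ads.adnet.example banners.adnet.example   # two names, one line
0.0.0.0     Track.Mailer.Example
192.0.2.10  intranet.example      # a real mapping, not a block
"""

# Addresses that send a lookup nowhere useful, which is how the block works.
SINKS = {"127.0.0.1", "0.0.0.0", "::1"}

def blocked_hosts(hosts_text):
    """Return the set of names that the hosts file points at a sink address."""
    blocked = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) < 2 or fields[0] not in SINKS:
            continue
        # Host names are case-insensitive; localhost itself is not an ad block.
        blocked.update(n.lower() for n in fields[1:] if n.lower() != "localhost")
    return blocked

def is_blocked(url, blocked):
    """True when the URL's host has an exact entry in the blocked set."""
    host = urlsplit(url).hostname
    return host is not None and host in blocked
```

Hosts entries match exact names only, so an entry for ads.adnet.example does nothing for cdn.ads.adnet.example; that is why downloadable block lists run to thousands of lines.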
Ok now we need an AVP (Anti-virus Prog). Once again this can be gotten
free online at http://www.grisoft.com/ they offer a basic
prog for free along with free updates. It's simple to install and use
and you shouldn't need walked through it. You will need to register at
the site to download the prog but that isn't too much of a problem I'm
sure.
But many people's biggest fear is Trojans – these seemingly harmless
looking files contain a hidden payload…. more often than not a backdoor
which can allow kiddies to connect to your computer. Now you're pretty
much protected as the AVP should pick up on it and the firewall should
stop any outgoing connections but just to be sure I always keep a
Trojan Cleaner handy and IMHO The Cleaner does the job great :)
http://www.moosoft.com/
It is a 30-day trial but might be worth the investment to get the full
thing. Also The Cleaner comes bundled with 2 other progs which come in
handy not only for keeping an eye on Trojans but also on other progs
that you may have running.
You may have noticed that if you type msconfig at the run menu and go
to start-up you can disable MSN from starting every time you start your
PC….great!! But run MSN once and close the app and it adds another
entry to the registry making it run on start-up again!! One of the
pieces of software bundled with The Cleaner sees to it that this kind
of thing cannot happen without your knowledge as it runs in the
background monitoring any changes made to your registry and letting you
know about them so you can remove/change them as needed.
But what about spyware?? This is not deemed by some AVPs to be malcode
so is not picked up on so how do you check for it? Well everyone seems
to have their own preference with regards to spyware removal progs such
as search&destroy etc but I prefer ad-aware ->
http://www.lavasoftusa.com/ just download the prog and give
your comp a scan every now and again to ensure you're spyware free!!!
On a side note, if you are suffering from a lot of pop-ups…. not from
spyware but from websites, I suggest you either
- Start using Opera, which comes with a built in pop-up blocker as well
  as a bunch of other features (my fav browser!)
  http://www.opera.com/
- Or if using IE then get Google's toolbar ->
  http://toolbar.google.com/ which also comes with a pop-up
  blocker
Ok so you have protected your privacy, blocked your ads/pop-ups, locked
down your ports, got rid of your spyware and made sure you're virus
free!! Now let's run it through its paces by checking on grc that your
shields are up – lol
http://grc.com/default.htm about 2 thirds of the way down ::
link to shields up!!
This runs some tests on your firewall to see what ports are open etc
and to ensure it is not allowing incoming connections it shouldn’t as
well as checking that you are properly stealthed.
Now to check to ensure it is blocking outgoing connections once again
we get a handy tool from grc ->
http://grc.com/lt/leaktest.htm this tries to make an
outgoing connection from your PC to the grc server to ensure your
firewall is configured correctly.
But what about testing your AVP? Well I asked the same question on AO
not long ago here ->
http://www.antionline.com/showthrea...threadid=253152 the
best thing seemed to be to get EICAR ->
http://www.eicar.org/anti_virus_test_file.htm
Tho some members don't think it does much good but at least you can see
it's running – lol
Well that should be enough to get you started off protecting your home
computer
v_Ln
www.reach-out.org.uk
Original Tutorial
Submitted by nokia for TheTAZZone-TAZForum
Originally posted on March 14th, 2006 here
Do not use, republish, in whole or in part, without the consent of
the Author. TheTAZZone policy is that Authors retain the rights to the
work they submit and/or post...we do not sell, publish, transmit, or
have the right to give permission for such...TheTAZZone merely retains
the right to use, retain, and publish submitted work within its
Network.

