Author Topic: [Add-on] Anti-hacker & Security Tweaks  (Read 15991 times)

0 Members and 1 Guest are viewing this topic.

Offline acclude

  • Newbie
  • *
  • Join Date: Mar 2013
  • Posts: 15
  • Location: Maryland
  • Karma: 1
  • Destructionator
    • View Profile
[Add-on] Anti-hacker & Security Tweaks
« on: March 17, 2013, 10:14:33 AM »
Here is another pack of add-ons for the Advanced System Tweaker. It is geared towards anti-hacker/security tweaks. It includes:

Administrative Shares
The administrative shares (C$,D$,ADMIN$,etc) are enabled by default and are generally used for administrative purposes on an internal network. However, most home users and any server exposed to the web usually has no need to have these shares enabled as they just allow potential hackers more access points and the ability to enumerate your computer/network. If you do not have a specific reason to keep these administrative shares enabled, then I strongly suggest disabling them here.
W2k - Win7

Anonymous IPC$ Share Access
You can enable or disable the ability for anonymous network users to view the IPC$ share. You may have a legitimate reason to allow anonymous users to view the IPC$ share but usually there is no reason to and leaving it accessible to anonymous users just leaves you vulnerable to a potential hacker enumerating your system. Restricting it is the best option to be safe.
W2K - Win7

Disable Remote Desktop Sharing
This tweak will disable the Remote Desktop Sharing capability across the domain and network. There is already another tweak available that disables the Remote Desktop service. This tweak adds an extra layer of protection by preventing Remote Desktop Sharing even if a hacker/malicious program is able to restart the Remote Desktop service (not hard to do).
W2k - Win7

Hide From Browse List
This tweak will allow you to hide your computer or server from the "Browse Network" listings. A potential hacker can enumerate your network and gain more access points by simply browsing your network devices/computers. Prevent your computer from showing up in the browse list.
XP- Win7

LM NTLM NTLMv2 Compatibility
The original LM (LanManager) tried to improve security between clients/servers (pre-Windows NT). Then NTLM improved security for connections between Windows NT clients and servers and gave message confidentiality (encryption) and integrity (signing). Since then, the advancements in computer hardware and software algorithms have made these protocols vulnerable to widely published attacks for obtaining user passwords. Microsoft responded with NTLMv2 that significantly improves both the authentication and session security mechanisms. This hack allows you to specify which of the six LM/NTLM/NTLMv2 configuration settings you want to use.
XP - Win7

Parse Autoexec
The autoexec.bat file is not commonly used anymore but the capability to use it still exists. It can be used by a hacker or malicious program to run bad code at startup which could compromise the security and integrity of your system. If you do not have a specific reason to use the autoexec.bat file then I suggest disabling it to help lock down your system from a potential hacker.
W2K - Win7


Most or all of these may also work on Win8 but I haven't checked or tried.

Let me know if you have any questions or issues with these.



I will have more tweaks for Anti-hacker and Security soon. I will keep adding them to this thread as I make them available to keep it simple for people to find related tweaks. Keep checking back for new tweaks!
I'm new to Tweaking.com but very experienced with computers and networks since the early 90's.

Offline acclude

  • Newbie
  • *
  • Join Date: Mar 2013
  • Posts: 15
  • Location: Maryland
  • Karma: 1
  • Destructionator
    • View Profile
Re: [Add-on] Anti-hacker & Security Tweaks
« Reply #1 on: March 17, 2013, 10:44:16 PM »
Here are some more anti-hacker/security tweaks. This pack includes:

Change File Type (NOTE: THIS ITEM WILL BE REVISED SHORTLY. PLEASE DO NOT USE THIS ONE. UPDATE COMING SOON!)
This tweak can be used to prevent users from changing filetypes. Some malware and hackers will hide or transfer files with an unknown filetype to help hide it and get it past virus/malware checks. Even legitimate users will sometimes change filetypes to get past some security filters in a locked down network. This tweak prevents any filetypes (or extensions) from being changed by users.
W2k - Win7

ICMP Redirects Vulnerability
This tweak allows you to enable or disable Internet Control Message Protocol (ICMP) redirects. Through ICMP redirects, a host can find out which networks can be accessed from within the local network, and which are the routers to be used for each such network. The security problem comes from the fact that ICMP packets, including ICMP redirect, are extremely easy to fake and basically it would be rather easy for an attacker to forge ICMP redirect packets. The attacker can then on basically alter your host's routing tables and divert traffic towards external hosts on a path of his/her choice; the new path is kept active by the router for 10 minutes. Due to this fact and the security risks involved in such scenario, it is still a recommended practice to disable ICMP redirect messages (ignore them) from all public interfaces.
Vista - Win7 (maybe others too)

IP Source Routing Vulnerability
IP source routing is a mechanism that allows the sender to determine the IP route that a datagram should follow through the network. Attackers can use source routed packets to obscure their identity and location. Enabling this tweak will allow you to select your level of protection against source routing.
W2k - Win7 (maybe others too)

IRDP Vulnerability
This tweak allows you to disable the ICMP Router Discovery Protocol (IRDP). It is enabled by default on clients using DHCP (most home users) and can be a security issue because a hacker can spoof IRDP router advertisements which will allow the attacker to remotely add default route entries on your system. If you're not sure that you need IRDP then you probably don't and I suggest disabling it with this tweak. Enable this tweak to remove this vulnerability.
W2K- Win7

Keep Alive Time Vulnerability (NOTE: THIS ITEM WILL BE REVISED SHORTLY. PLEASE DO NOT USE THIS ONE. UPDATE COMING SOON!)
This tweak allows you to adjust the Keep Alive Time for active session connections. The Keep Alive Time controls how often TCP sends a keep-alive packet to verify that an idle connection is still intact. If the remote computer is still reachable, it acknowledges the keep-alive packet. This creates a possible Denial of Service (DoS) environment because the default time to keep alive on Windows Server is 2 hours and there is no time limit for workstations. This allows an attacker who is able to connect to network applications to establish numerous connections to perform a DoS attack.
W2k3 - Win7 (maybe others too)

Known Shell Extensions (NOTE: THIS ITEM WILL BE REVISED SHORTLY. PLEASE DO NOT USE THIS ONE. UPDATE COMING SOON!)
This tweak can be used to limit the system to only run files that have an approved shell extension. Some malware hides files with unknown/unapproved extension types and uses a specific program to execute them. This tweak prevents any unknown/unregistered extensions from being executed.
W2K - Win7

Last Logged In Username
Showing the last logged in username on the login screen decreases login security. A hacker then only needs to find out the password, not both a username and a password. You can enable this tweak to help increase the login security by requiring all users to input a username and password for each login and not displaying the last logged in username.
XP - Win7

Require CTRL ALT DEL For Login
Enable this tweak to require users to press "CTRL + ALT + DEL" to unlock the computer and be able to login. This could prevent some hidden malicious programs from executing their bad code at startup/login.
W2K - Win7



Most or all of these may also work on Win8 but I haven't checked or tried.

Let me know if you have any questions or issues with these.



I will have more tweaks for Anti-hacker and Security soon. I will keep adding them to this thread as I make them available to keep it simple for people to find related tweaks. Keep checking back for new tweaks!
« Last Edit: March 19, 2013, 04:54:01 AM by acclude »
I'm new to Tweaking.com but very experienced with computers and networks since the early 90's.

Offline acclude

  • Newbie
  • *
  • Join Date: Mar 2013
  • Posts: 15
  • Location: Maryland
  • Karma: 1
  • Destructionator
    • View Profile
Re: [Add-on] Anti-hacker & Security Tweaks
« Reply #2 on: March 17, 2013, 11:48:38 PM »
I will keep adding more Anti-hacker/Security tweaks, but there's a few things I wanted to say before anyone starts applying these tweaks and thinking their system is hacker-proof:

[PUBLIC SERVICE ANNOUNCEMENT]

There is no such thing as a hacker-proof computer or network!

Your system is only as secure as its' weakest link! If you have bad security practices then YOU are the weakest link and no amount of security updates/patches/settings will help with your system security!

Good system security/integrity requires a thorough, layered approach addressing all of the systems weaknesses including its' users!

Don't be na´ve and don't get a false sense of security! This leads to complacency. Complacency gives hackers/attackers a big advantage! 

Computer security DOES NOT equal information security! Even if you have the most secure computer in the world, publicly available information on the internet could be used to compromise your computer and the rest of your personal information!

[/PUBLIC SERVICE ANNOUNCEMENT]
« Last Edit: March 17, 2013, 11:55:39 PM by acclude »
I'm new to Tweaking.com but very experienced with computers and networks since the early 90's.

Offline Shane

  • Top Geek, err uh Dog.
  • Administrator
  • Hero Member
  • *****
  • Join Date: Sep 2011
  • Posts: 9274
  • Location: USA
  • Karma: 137
  • "Knowledge should be shared not hidden."
    • View Profile
    • Tweaking.com
Re: [Add-on] Anti-hacker & Security Tweaks
« Reply #3 on: March 18, 2013, 04:00:46 PM »
Keep in mind you can also pack all these up into one zip file for users as well :-)

And when you put a tweak file in the add ons folder of the program the tree view in the program builds the list buy the way the folders are in the add ons folder. So you can make sub categories if you like by simply putting your tweaks into a folder and having the user simply copy and past the tweaks tot he add on folder.

You can play around with it if you like, go to the adds on folder and change a few folder names. Open the program and you will see the change sin the tree view :-)

Shane
PLEASE EDIT YOUR TOPIC AND PUT (SOLVED) IF YOU ARE ALL FIXED.

(My weekends belong to my wife and kids, I will try my best to answer all posts daily during the work week)

(About Shane)
Site Owner, Top Admin, Lead Programmer, Wife & 5 kids, Needs a lot more coffee.

When people ask "Why fix what isn't broken?" I reply "To make it better."
"Only a life lived for others is a life worthwhile"
Honor & Respect is all that matters.

Owner & Programmer of: www.pcwintech.com & www.tweaking.com

Offline SynkOptik

  • Newbie
  • *
  • Join Date: Nov 2013
  • Posts: 1
  • Location: USA
  • Karma: 0
  • Seeing Together
    • View Profile
Re: [Add-on] Anti-hacker & Security Tweaks
« Reply #4 on: November 19, 2013, 10:00:45 PM »
These sound like great tweaks but will they work on Win8?
"If you lose, don't lose the lession."

Offline juhrom

  • Newbie
  • *
  • Join Date: Oct 2017
  • Posts: 2
  • Karma: 0
    • View Profile
Re: [Add-on] Anti-hacker & Security Tweaks
« Reply #5 on: October 07, 2017, 03:52:28 PM »
Here's the zip.