1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

How to block all network connections but not hamachi private network?

Discussion in 'General Security' started by godkratos6, Aug 5, 2010.

Thread Status:
Not open for further replies.
  1. godkratos6

    godkratos6 Thread Starter

    Joined:
    Feb 25, 2010
    Messages:
    7
    What I want is the most secured pc possible, disabling all the network connections except my private network made with hamachi. I use it to play games on lan with my friend, but when I get malicious tools from internet, all my system is f***ed up and I need to reinstall windows, softwares and all my games, one by one.

    -I use the standard windows firewall, my computer is xp pro SP3.
    -I deleted every web browser I had, explorer not completely removed.
    -Our hamachi network is secured with a password, only the two of us using it.
    -I plan on freezing my system partition after making all the changes needed (deepfreeze)

    So how can I reinforce my pc security without buying an AV that will ruin me? What setting should I change in my firewall or is there a better one aviable for free? Is there an alternative to freezing my system since I need to turn it off even for the smallest change?

    Hope you can help me on this.;)
     
  2. lunarlander

    lunarlander

    Joined:
    Sep 21, 2007
    Messages:
    9,720
    From what I've read, you have to allow Hamachi to contact its server in order to login.

    Apart from that, go to Windows Firewall, Exceptions tab, and uncheck everything that you feel is not used.

    A stateful packet inspection (SPI) firewall will only allow networks packets to come in if it has seen packets going out to that address. So if an application talks to a server, then that server is allowed to reply back. Otherwise all other inbound connections attempts are blocked. The Windows Firewall is an SPI type. So, that should fulfill your requirement of "disabling all network connections" .

    One thing you should consider. Windows Firewall on XP doesn't block outgoing applications. So if you downloaded a malware and it starts calling home, Windows Firewall will not stop it. There are free firewalls available, like Comodo and Online Armor, which have outbound blocking. These 2 have a built in white list of safe programs to allow online. If an unrecognized program calls outbound, it will ask you for permission.

    I don't understand why an antivirus will ruin you. I'll assume that you mean financially. There are a number of antivirus programs that are free: AVG Free, MS Security Essentials and Avast.

    You stated that you want the 'most secured pc possible'. So I'll add some other advice.

    Get a router if you don't have one. Even if you have only 1 PC. The router will act as a basic hardware firewall. The Windows Firewall is ok, but you need that router as an additional layer of defense.

    It is best not to tamper with Internet Explorer, it is too integrated into Windows. Besides, you will need a browser to configure your router. But you can use Firefox, Opera or Chrome.

    A secured Windows is one that is configured to do Only the things you need, and nothing more. When you have extra features that you don't need, it just enlarges the 'attack surface' that an attacker can use. First things to look for are the 'network facing' features, because hackers can tamper with anything that respond through the internet.

    Go to Network/Properties and uncheck all protocols that you do not use. A minimal configuration just needs TCP/IP v 4.

    There are some services running on XP that you'll never use. See this article:

    http://blogs.techrepublic.com.com/security/?p=354

    Note, you better write down the list of services that you disable, and what the original settings were - automatic or manual.

    Go to Secunia and install their PSI program. This program will inspect your installed applications and notify you when one of them have security updates. You will want to run this weekly.

    Also keep Windows Update on Automatic. Most patches nowadays are security related, and you do NOT want to delay installing them.

    If your programs can work when using a non-admin account, then use a non-admin account for your daily activities. The administrator account is all powerful, and if someone successfully attacks a program running as admin, they will gain admin rights on your system too. Then it's game over.

    Someone with physical access to your PC can do a lot of damage. So you should have a long and complex passphrase for logon. For example, the phrase "Kirk is the captain of the USS Enterprise" will become "kitcotusse". Throw in a number and it becomes "k444itcotusse". I recommend passphrases longer than 16 characters.

    Part of keeping your Windows secure is to keep up with all security fixes. A lot of successful attacks are based on vulnerabilities that already have patches, just because people don't do Windows Update. Never fall behind on patches. This is especially important for XP, because unlike Vista or Win7, it doesn't have ASLR, services hardening and other technologies to foil attacks.

    Security is part 'setup' and a lot of maintenance. To use a physical analogy, you want to lock a door to keep the room safe, but you have to inspect the lock on a regular basis to check that it remains locked. For example: go to grc.com and run their shields up test, this confirms that your firewall is up. Go to Control Panel/Administrative Tools/Computer Management/Groups and check that no new accounts has joined the Administrators group. Run msconfig, go to startup tab and check no unknown programs are starting up as you login.
     
  3. godkratos6

    godkratos6 Thread Starter

    Joined:
    Feb 25, 2010
    Messages:
    7
    Thank you so much, a perfect answer. I'll try your advices asap! :D
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/940976

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice