Here I am assembling various things I want to share with everyone.  It will always be a work in progress.

Windows:

Things I do after a fresh install of Windows XP SP2:

1.)  As Windows XP SP3 has just been released it’s prudent to install that before connecting the computer to the internet.  (I will update this with a link when it’s actually available to the average joe in a few weeks)

2.)  In the control panel go to Add or Remove Programs, Add/Remove Windows Components, and uncheck the following:
- MSN Explorer
- Outlook Express (unless you actually use this)
- Windows Messenger
- Any games you don’t want

3.)  I always revert my theme to the Windows Classic theme (and turn on ClearType, but this is monitor specific advice).  I also right click on My Computer, and then to Properties.  I do the following:
- Under the Performance options, unless the computer is very old I just leave the Visual Effects tab alone.  In the Advanced tab I change my Virtual Memory to exist on one drive only, and set it to 1.5 multiplied by the amount of physical RAM I have, unless I have over 3GB in which case I disable the paging file altogether.
- Under Startup and Recovery I change the timeout to 10 seconds (I typically dual boot operating systems).
- I set Automatic Updates to download and let me choose when to install.

4.)  Update all drivers on the system.  Typically I already have these downloaded onto a thumb drive and they’re ready to go.

5.)  Install Antivirus.  Grisoft’s AVG Free Edition works for most people.  I use the Symantec Endpoint client the US Navy provides me and that works well.  If you feel like paying, NOD32 and Kaspersky are both good.  Don’t bother with the whole “Internet Security” suites though; get the AV scanning software ONLY.  Anything else is bloat.

6.)  Under the Start Menu, click Run, then type msconfig and hit enter.  On the window that pops up click the Startup tab.  Here I generally slim down startup to just what I need.  I turn off everything else.  This will be specific to your system.

7.)  At this point it’s safe to go online.  Preferably you’re behind a router with NAT functionality.  If not, it’s not the end of the world though.

8.)  Some other software I always install:
- Daemon Tools
- TweakUI
- Launchy
- Digsby
- Skype
- WinSCP
- PuTTY
- Firefox
- HydraIRC
- Foxit PDF Reader
- VLC
- ffdshow
- WinZip, WinRAR, 7zip (trial versions of the first two are just fine, I don’t think they ever really expire)
- Alcohol 120% (I paid for this a couple of years ago.. amazing software, good for making images and burning them, lots of options)
- MS Office or Open Office

9.)  Some other misc tweaks:
- If you use Internet Explorer a great deal, go into the Options window and under Browsing History, change the option to “Every time I visit the webpage”, and for disk space to use, change it to 50MB (the lowest).
- I always set my homepage to about:blank
- Also set the option not to remember passwords.
- In any folder go to Tools, Folder Options and under the View tab, uncheck “Hide extensions for known file types”, as well as make sure “Show hidden files and folders” is bubbled in.  After these are done click Apply to All Folders to ensure this is consistent across your system.
- Disable System Restore
- Disable unnecessary Windows services using Black Viper’s guide located here:  http://www.blackviper.com/.  The “SAFE” options are good enough for most of us.

I’m sure I will think of more later.  Ghost this setup if you want to so you don’t have to do it over and over again.

Well, yesterday I attempted to install the Serendipity blogging software.  I’ll have to give it another shot from my desktop, as I was constrained for time and couldn’t get it to import the WordPress database.

It’s been 3 weeks since I began using Ubuntu as my primary desktop OS, and so far I am loving it. I never claimed to be the expert on Linux, and had never really run it for anything other than experimentation before, so this has been quite a learning experience for me.

Obviously the best part is having that fine-grained control over every aspect of the OS and being able to readily access a wealth of software from the open source community with, more often than not, a simple apt-get command.

Beryl is another reason I am loving Ubuntu. When I discovered the middle click function on the desktop, I was in awe. It literally throws you into a 3D mode where you can drag the cube around and see layers of windows on each desktop, stacked behind each other in the order they were opened.

I’m going to give another update here in a few weeks and decide whether to continue using it as a primary desktop OS.

Okay so I didn’t quite make it on the once per week promise.

Over the last 9 days I managed to (with the help of friends) troubleshoot and send parts to my Mom so she could have a guy at work fix her computer without me having to fly up there, which just wasn’t going to happen right now given how busy I am.  Somehow she shorted the motherboard out.

Linux+ is looming ahead, next week, and I haven’t done a lot of studying.  The certification itself is meaningless to me, but it was a command voucher I used in order to take it so I have to keep my end of the deal up.  It’s going to have to basically be a weekend cram session in order to prepare for it, because I have my CISSP study group on both Tuesday and Thursday this week.

On the technology front, I am exploring a few options to organize some of the experience and knowledge I and some friends of mine have into something possibly presentable to the general public.  Whether this will be some sort of podcast, or new blog, or just a forum has yet to be determined.  The key factor is how quickly we can bundle everything together into something a layman can understand, and push it out.  I’m really into the whole podcast idea right now, but that might just be because I have only owned an iPod for 6 weeks.

Ironically, I found myself recommending AOL’s antivirus software yesterday, because it is free and based on Kaspersky’s engine.  The only real issue is that of anonymous data collection and privacy, so wear your tinfoil hat if you choose to install it like I did.

Rootkits

Checking up on packetstormsecurity.com today I see confirmation of what has been getting a lot of news lately — rootkits. According to pandasoftware (the vendor of the Panda antivirus/antispyware/etc products) there was a substantial increase in rootkits last year.

I believe we’re going to see that activity peak in the next year or two as techniques become more advanced for implementing them. In our SANS class this week some of us have traded ideas about how to implement and also defeat these things. I’ll probably touch more on this later next week.

CTF

I’m all geared up for our little “Capture the Flag” competition tomorrow.

A news item from SANS today.  Those of you running Sun Java JRE may want to ensure you are removing old versions upon upgrading, as any Java applet can go ahead and request what version of JRE it wants, making your upgrade effort for naught.  The diary entry includes links to install/uninstall instructions.
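One way to check a machine for the leftover JREs described above. This is an added example, not something from the SANS diary entry; it assumes the Sun installer's usual registry layout under HKLM\SOFTWARE\JavaSoft\Java Runtime Environment, and the sample data is constructed.

```python
import re
import sys

# Assumed layout: one subkey per installed version, each with a JavaHome value.
JRE_KEY = r"SOFTWARE\JavaSoft\Java Runtime Environment"

def version_tuple(name):
    """'1.6.0_10' -> (1, 6, 0, 10), so versions compare numerically."""
    return tuple(int(n) for n in re.findall(r"\d+", name))

def stale_jres(entries):
    """entries maps registry subkey name -> JavaHome path.
    Returns (newest, older) where each item is a (version, path) pair."""
    by_home = {}
    for name, home in entries.items():
        key = home.rstrip("\\").lower()
        # Family aliases such as '1.6' share a JavaHome with a full version;
        # keep the most specific name for each install directory.
        best = by_home.get(key)
        if best is None or len(version_tuple(name)) > len(version_tuple(best[0])):
            by_home[key] = (name, home)
    installs = sorted(by_home.values(), key=lambda e: version_tuple(e[0]))
    if not installs:
        return None, []
    return installs[-1], installs[:-1]

def installed_jres():
    """Read the live registry (Windows only)."""
    import winreg
    entries = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, JRE_KEY) as root:
        for i in range(winreg.QueryInfoKey(root)[0]):
            name = winreg.EnumKey(root, i)
            with winreg.OpenKey(root, name) as sub:
                try:
                    entries[name] = winreg.QueryValueEx(sub, "JavaHome")[0]
                except FileNotFoundError:
                    pass  # subkey without a JavaHome value
    return entries

# Constructed sample: a machine upgraded twice without uninstalling.
SAMPLE = {
    "1.5": r"C:\Program Files\Java\jre1.5.0_06",
    "1.5.0_06": r"C:\Program Files\Java\jre1.5.0_06",
    "1.6": r"C:\Program Files\Java\jre1.6.0_10",
    "1.6.0_02": r"C:\Program Files\Java\jre1.6.0_02",
    "1.6.0_10": r"C:\Program Files\Java\jre1.6.0_10",
}

if __name__ == "__main__":
    newest, old = stale_jres(installed_jres() if sys.platform == "win32" else SAMPLE)
    print("newest:", newest)
    for version, home in old:
        print("still installed, remove:", version, home)
```

Anything listed as still installed should be removed through Add or Remove Programs.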

Also over at SecurityFocus there is an interview with Bill Cheswick, who started the Internet Mapping Project which eventually evolved into software for mapping corporate and government networks.  It’s a very good read, touching on firewalling, logging, NIDS, IPS, how to fight DDOS attacks, and the future of BGP/DNS.

I will be upgrading to WordPress 2.1 sometime Wed or Thurs, as I mentioned in yesterday’s entry.

I bought one of these over the weekend, and it arrived yesterday.  Setup was a breeze, didn’t bother using the CD.  I now have WPA2-PSK securing my wireless network.  Definitely worth the upgrade over my old Gateway router that came with my laptop back in 2004.

I’m going to upgrade the firmware on it that was discussed in this lifehacker article.  Hopefully I don’t brick the router.

I was browsing around trying to stay awake and noticed that Lifehacker has a great article up on how to encrypt your e-mail. It primarily covers Thunderbird with PGP, but has good information regardless of whether you use that application or not.

Just remember, even though encryption is a great way to have secure communications, don’t expect your tinfoil hat to keep you safe if you’re actually engaging in illegal activities, such as planning some kind of terrorist attack. Law enforcement can still subpoena the keys from you in order to decrypt your messages should you be arrested in connection with said activity. Naturally you’d still be able to deny them the keys, but you’d just end up in jail for a long time until you did.

Also remember that the NSA can crack most forms of encryption.

I was cleaning up my office, and I came across a piece of paper that had 8 Commandments of Network Security on it.  I’m not sure where it came from, but I like the list so here it is:

Thou shalt use strong passwords and change the default passwords that come with any program.

Thou shalt use up-to-date anti-virus software on all computers.

Thou shalt change the default configurations of newly installed operating systems and applications.

Thou shalt not run services that are not required.

Thou shalt install security fixes for operating systems and applications as soon as they become available.

Thou shalt back up your systems early and often.

Thou shalt protect your systems against power surges and loss of power.

Thou shalt know who you are trusting.  That goes for trusted network connections as well as personnel.