NIST Site Search
Search NIST.GOV
Custom Search
[Official NIST.GOV TIME]
Product Research

Advertise on this site
NIST SP 800-69 (draft) Guidance for Securing Microsoft Windows XP Home Edition
A NIST Security Configuration Checklist
on Monday 14 August 2006 print the content item {PDF=create pdf file of the content item^plugin:content.58}
in NIST.gov Publications > Special Publications - SP 800 series

SP 800-69 should be considered essential reading for all Windows XP Home Edition users. It does a very good job of summarizing the various threats facing home computer users and lists simple ways for users to mitigate them without having to be technically proficient.

You can download the NIST Special Publication 800-69 from NIST.gov

This document should be considered essential reading for all Windows XP Home Edition users. But that is asking a lot, the SP 800-69 document is 169 pages. However it does a very good job of summarizing the various threats facing home computer users and lists simple ways for users to mitigate them without having to be technically proficient. Surprisingly the document also goes out on a limb in a few places such as listing services that users can disable. It won't make anyone a security expert but it will give the average computer user a much better understanding of the threats they face every time they use their computer online. It even covers wireless networking, re-installation of the operating system, backups, and step-by-step instructions on how configure many of the security features that are built-in to Windows XP Home Edition.


(The below is a short description of SP 800-69 from NIST.gov, edited)

The draft SP 800-69 provides a checklist and guidance to home users, such as telecommuting Federal employees, on improving the security of their home computers that run Windows XP Home Edition. These computers face many threats from people wanting to cause mischief and disruption, commit fraud, and perform identity theft. The publication explains the need to use a combination of security protections to achieve a defense in depth. Thee protections include such as: antivirus software, antispyware software, a personal firewall, limited user accounts, and automatic software updates, to secure a computer against threats and maintain its security. It also emphasizes the importance of performing regular backups to ensure that user data is available after an adverse event such as an attack against the computer, a hardware failure, or human error. The publication contains a detailed step-by-step directions for securing Windows XP Home Edition computers that can be performed by experienced Windows XP Home Edition users.

Users of Windows XP Home Edition need to be aware of the threats that their computers face and the security protections available to protect their computers so that they can operate their computers more securely. Security protections are measures used to thwart threats.

Summary:

One of the most important parts of securing a Windows XP Home Edition computer is eliminating known weaknesses, because attackers could attempt to take advantage of them. Five categories of methods for eliminating weaknesses are as follows:
  • Limiting access to the computer through separate password-protected user accounts for each person, with different accounts for administrative and daily tasks (a limited user account)
  • Applying software updates to the computer on a regular basis, including Windows XP Home Edition and software applications
  • Limiting network access by disabling unneeded networking features, limiting the use of remote access utilities and Internet Connection Sharing, and configuring wireless networking securely
  • Modifying default file associations and the display of default file extensions
  • Disabling services that are not needed.


The five most important protections that should be used for Windows XP Home Edition computers connecting to the Internet are as follows:
  • Using a personal firewall that is configured to restrict incoming network activity to only that which is required
  • Using a limited user account for typical daily use of the computer
  • Running up-to-date antivirus software and antispyware software that is configured to monitor the computer and applications often used to spread malware (e.g., e-mail, Web) and to quarantine or delete any identified malware
  • Applying updates to the operating system and major applications (e.g., e-mail clients, Web browsers) regularly, preferably through automated means that check for updates frequently
  • Performing regular backups so that data can be restored in case an adverse event occurs.


---
The SP 800-69 document was created by the National Institute of Standards and Technology and is public domain (not subject to copyright).


NIST Special Publication # 800-69


Translate to: French German Italian Spanish Portuguese GTM_LAN_DUTCH Russian Chinese Arabic Korean English
Google Ads




Headlines

»CVE-2014-9757
The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote configured XMPP servers to execute arbitrary Java code via serialized data in an XMPP message.
»CVE-2015-2012
The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8 ...
»CVE-2015-3251 (cloudstack)
Apache CloudStack before 4.5.2 might allow remote authenticated administrators to obtain sensitive p ...
»CVE-2015-3252 (cloudstack)
Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual m ...
»CVE-2015-7675
The "Send as attachment" feature in Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2 al ...
»CVE-2015-7677 (moveit_dmz)
The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides different error messages dependin ...
»CVE-2015-7678
Multiple cross-site request forgery (CSRF) vulnerabilities in Ipswitch MOVEit Mobile 1.2.0.962 and e ...
»CVE-2015-7679
Cross-site scripting (XSS) vulnerability in Ipswitch MOVEit Mobile before 1.2.2 allows remote attack ...
»CVE-2015-7680
Ipswitch MOVEit DMZ before 8.2 provides different error messages for authentication attempts dependi ...
»CVE-2015-8360
An unspecified resource in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 allows remote atta ...
»CVE-2015-8361
Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not requi ...
»CVE-2015-8629
The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) befo ...
»CVE-2015-8630
The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_princ ...
»CVE-2015-8631
Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before ...
»CVE-2016-0022
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, ...


Date published: 2016-02-13T05:50:00Z
Details

»Mozilla Releases Security Updates
Original release date: February 11, 2016 The Mozilla Foundation has released security updates ...
»Cisco Releases Security Update
Original release date: February 10, 2016 | Last revised: February 11, 2016 Cisco has released ...
»Microsoft Releases February 2016 Security Bulletin
Original release date: February 09, 2016 Microsoft has released 13 updates to address vulnera ...
»Google Releases Security Update for Chrome
Original release date: February 09, 2016 Google has released Chrome version 48.0.2564.109 to ...
»Adobe Releases Security Updates
Original release date: February 09, 2016 Adobe has released security updates to address vulne ...
»Oracle Releases Security Updates for Java
Original release date: February 08, 2016 Oracle has released security updates to address a vu ...
»Comodo Chromodo Browsers Vulnerable to Cross-Domain Attacks
Original release date: February 04, 2016 Some Comodo Chromodo browser versions (45.8.12.392, ...
»WordPress Releases Security Update
Original release date: February 02, 2016 WordPress 4.4.1 and prior versions contain two secur ...
»FTC Announces Enhancements to IdentityTheft.gov
Original release date: January 29, 2016 The Federal Trade Commission (FTC) has upgraded its I ...
»OpenSSL Releases Security Advisory
Original release date: January 28, 2016 OpenSSL versions 1.0.2f and 1.0.1r have been released ...


Date published: not known
Details

»VB2015 paper: Sizing cybercrime: incidents and accidents, hints and allegations
Cybercrime is big. But how big is it really? In a paper presented a ...
»Throwback Thursday: The Thin Blue Line
This Throwback Thursday, VB heads back to 1994 when UK Fraud Squad ...
»Welcome to virusbulletin.com
Almost 20 years after Virus Bulletin revealed its first site on the ...
»VB2015 video: TurlaSat: The Fault in our Stars
In a presentation at VB2015 in Prague, Kaspersky Lab researcher Kur ...
»Security vendors should embrace those hunting bugs in their products
When interviewed by the Risky Business podcast last week, VB Editor ...
»February
Anti-virus and security related news provided by independent anti-v ...
»More VB Conference papers and videos published
More VB2014 Conference papers and videos published - 11 papers and ...
»Throwback Thursday: Peter-II - Three Questions of The Sphinx
This Throwback Thursday, VB heads back to 1993, when an ordinary me ...
»VB2015 paper: Effectively testing APT defences
Simon Edwards discusses how to test the potentially untestable. ...


Date published: not known
Details
Main Menu
· Home
Current Security News
 
US-CERT Current Activity

» Mozilla Releases Security Updates
[11 Feb 2016 08:06pm]

» Cisco Releases Security Update
[10 Feb 2016 10:17am]

» Microsoft Releases February 2016 Security Bulletin
[09 Feb 2016 03:44pm]

» Google Releases Security Update for Chrome
[09 Feb 2016 03:18pm]

» Adobe Releases Security Updates
[09 Feb 2016 11:01am]

» Oracle Releases Security Updates for Java
[08 Feb 2016 02:20pm]

» Comodo Chromodo Browsers Vulnerable to Cross-Domain Attacks
[04 Feb 2016 05:53pm]

» WordPress Releases Security Update
[02 Feb 2016 02:46pm]

» FTC Announces Enhancements to IdentityTheft.gov
[29 Jan 2016 03:36pm]

» OpenSSL Releases Security Advisory
[28 Jan 2016 02:11pm]

***
US-CERT Alerts

» TA15-337A: Dorkbot
[03 Dec 2015 04:40pm]

» TA15-314A: Compromised Web Servers and Web Shells - Threat Awareness and Guidance
[10 Nov 2015 06:12pm]

» TA15-286A: Dridex P2P Malware
[13 Oct 2015 05:23am]

» TA15-240A: Controlling Outbound DNS Access
[28 Aug 2015 11:31am]

» TA15-213A: Recent Email Phishing Campaigns – Mitigation and Response Recommendations
[01 Aug 2015 04:01pm]

» TA15-195A: Adobe Flash and Microsoft Windows Vulnerabilities
[14 Jul 2015 05:13pm]

» TA15-120A: Securing End-to-End Communications
[29 Apr 2015 10:00pm]

» TA15-119A: Top 30 Targeted High Risk Vulnerabilities
[28 Apr 2015 10:00pm]

» TA15-105A: Simda Botnet
[15 Apr 2015 06:51am]

» TA15-103A: DNS Zone Transfer AXFR Requests May Leak Domain Information
[13 Apr 2015 01:36pm]

***
Computerworld Security

» Nasdaq to use blockchain to record shareholder votes
[12 Feb 2016 09:41am]

» Pwn2Own contest puts $75K bounty on VMware Workstation bypass
[12 Feb 2016 08:15am]

» 7 Android tools that can help your personal security
[12 Feb 2016 04:30am]

» ENCRYPT Act co-sponsor learned tech ropes at Microsoft
[11 Feb 2016 03:29pm]

» Data destruction 101: There's more to it than wiping your drive [Infographic]
[11 Feb 2016 10:00am]

» Critical flaw exposes Cisco security appliances to remote hacking
[11 Feb 2016 08:19am]

» House bill would prevent patchwork of state laws banning smartphone encryption
[11 Feb 2016 04:45am]

» Encryption boost from U.S. House bill: Stop States’ smartphone stupidity
[11 Feb 2016 04:37am]

» Android root malware is widespread in third-party app stores
[10 Feb 2016 04:07pm]

» SAP slaps a patch on leaky factory software
[10 Feb 2016 09:06am]

» Microsoft fixes 36 flaws in IE, Edge, Office, Windows, .NET Framework
[10 Feb 2016 08:34am]

» Government may tap into your IoT gadgets and use your smart devices to spy on you
[10 Feb 2016 08:20am]

» Poseidon hacker group behind long-running extortion scheme
[10 Feb 2016 06:04am]

» Setting up a Windows 10 picture PIN
[10 Feb 2016 06:00am]

» U.S. regulator: A Google computer could qualify as car driver
[10 Feb 2016 05:51am]

***
Microsoft Security Advisories

» 3137909 - Vulnerabilities in ASP.NET Templates Could Allow Tampering - Version: 1.1
[10 Feb 2016 12:00am]

» 2871997 - Update to Improve Credentials Protection and Management - Version: 5.0
[09 Feb 2016 12:00am]

» 3123479 - Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program - Version: 1.0
[12 Jan 2016 12:00am]

» 3109853 - Update to Improve TLS Session Resumption Interoperability - Version: 1.0
[12 Jan 2016 12:00am]

» 3118753 - Updates for ActiveX Kill Bits 3118753 - Version: 1.0
[12 Jan 2016 12:00am]

» 2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge - Version: 53.0
[05 Jan 2016 12:00am]

» 3123040 - Inadvertently Disclosed Digital Certificate Could Allow Spoofing - Version: 1.0
[08 Dec 2015 12:00am]

» 3057154 - Update to Harden Use of DES Encryption - Version: 1.1
[08 Dec 2015 12:00am]

» 3119884 - Inadvertently Disclosed Digital Certificates Could Allow Spoofing - Version: 1.0
[30 Nov 2015 12:00am]

» 3108638 - Update for Windows Hyper-V to Address CPU Weakness - Version: 1.0
[10 Nov 2015 12:00am]

» 3097966 - Inadvertently Disclosed Digital Certificates Could Allow Spoofing - Version: 2.0
[13 Oct 2015 01:00am]

» 2960358 - Update for Disabling RC4 in .NET TLS - Version: 2.0
[13 Oct 2015 01:00am]

» 3042058 - Update to Default Cipher Suite Priority Order - Version: 1.1
[13 Oct 2015 01:00am]

» 3083992 - Update to Improve AppLocker Publisher Rule Enforcement - Version: 1.0
[08 Sep 2015 01:00am]

» 3074162 - Vulnerability in Microsoft Malicious Software Removal Tool Could Allow Elevation of Privilege - Version: 1.0
[14 Jul 2015 01:00am]

***
WIRED » Security

» Don’t Set Your iPhone Back to 1970, No Matter What
[12 Feb 2016 11:03am]

» Evidence Suggests the Sony Hackers Are Alive and Well and Still Hacking
[12 Feb 2016 07:00am]

» Encryption Is Worldwide: Yet Another Reason Why a US Ban Makes No Sense
[11 Feb 2016 10:23am]

» New Bill Aims to Stop State-Level Decryption Before It Starts
[10 Feb 2016 01:27pm]

» Obama’s Cybersecurity Plan is Meant to Secure His Legacy
[10 Feb 2016 05:00am]

» How to Hack the Power Grid Through Home Air Conditioners
[09 Feb 2016 08:40am]

» Donate Your Old USB Drives to Fight North Korean Brainwashing
[09 Feb 2016 07:00am]

» Obama’s New Cybersecurity Plan Sticks to the Most Basic Basics
[09 Feb 2016 03:01am]

» Hack Brief: Hacker Leaks the Info of Thousands of FBI and DHS Employees
[08 Feb 2016 01:33pm]

» It’s Been 20 Years Since This Man Declared Cyberspace Independence
[08 Feb 2016 07:58am]

***
Network World Security

» Belizean law enforcement, FBI reportedly question John McAfee’s ex-girlfriend
[13 Feb 2016 08:53am]

» Q&A: Mobile app security should not be an afterthought
[12 Feb 2016 01:26pm]

» IDG Contributor Network: Federal agencies struggling with digital transformation, study says
[12 Feb 2016 01:26pm]

» White-hat hackers key to securing connected cars
[12 Feb 2016 09:35am]

» REVIEW: Cyphort makes advanced threat protection easier than ever
[25 Jan 2016 04:00am]

» Two network video cameras raise the bar for home security
[19 Jan 2016 12:20pm]

» FidSafe: A cloud service for important documents (and the price is right)
[15 Jan 2016 06:23pm]

» Best open source email security products
[11 Jan 2016 04:00am]

» REVIEW: MailScanner and ScrolloutF1 are standouts in open source email security
[11 Jan 2016 04:00am]

» Piper nv: An ambitious home monitoring and automation system
[09 Jan 2016 04:09pm]

» Sentri wants to guard your home but isn't very good at it yet
[20 Dec 2015 04:11pm]

» Dog and Bone LockSmart: The padlock rethought
[19 Dec 2015 12:53pm]

» Review: Best password managers for the enterprise
[07 Dec 2015 04:00am]

» IDG Contributor Network: Federal agencies struggling with digital transformation, study says
[12 Feb 2016 01:26pm]

» White-hat hackers key to securing connected cars
[12 Feb 2016 09:35am]

***


More IT Security
News Feeds
More Sponsors

Advertise on this site
RSS Feeds
Our news can be syndicated by using these rss feeds.
rss1.0
rss2.0
rdf
Symantec News

NIST.org is in no way connected to the U.S. government site NIST.gov

This site is © John Herron, CISSP. All Rights Reserved.

Please visit daily to stay up to date on all your IT Security compliance issues.

http://www.nist.org -
Hosted by BlueHost. We've never had a better hosting company.
{THEMEDISCLAIMER}