OneDay

New Member
Hi to all! With this thread, I'd like to mention some simple steps you could follow to lessen the attack surface of your Windows network. Not all steps are best for everybody. This guide involves disabling some protocols that for some users may be necessary, so please, take caution. Let's begin!

Step one
Turn on your hardware (router) firewall if available.

Step two
Use WPA2 encryption (with AES).

Step three
Go to Control Panel\Network and Sharing Center\Local Area Connection\Properties and disable all protocols except Internet Protocol Version 4 (TCP/IPv4).
(Note: some third-party firewalls use their own drivers, so be careful not to disable it)

Step four
On the same window, click on Internet Protocol Version 4 (TCP/IPv4) and then click Properties.
Click on Advanced in the General tab.
Go to the DNS tab and uncheck the 'Register this connection's addresses in DNS'.

Step five
On the same window, go to WINS tab and check the 'Disable NETBios over TCP/IP' setting.

Step six
Go to Device Manager, click on View and then check Show hidden devices.
Make sure in the Network section, that Teredo Tunneling Pseudo-Interface, WAN Miniport (IPv6) and Microsoft ISATAP Adapter are disabled.

Step seven
On Non-Plug and Play Drivers, do the following:
Find NETBT and Remote Access IPv6 ARP Driver > right-click and go to Properties > go to the Driver tab > on Startup change the option to Disabled.

Step eight
Open the Command Manager (Run as administrator) and type the following command:
netsh interface ipv4 set global mldlevel=none
It disables the IGMP protocol.

Step nine
Disable the following services (via services.msc):
- Internet Connection Sharing
- Media Center Extender service
- Net. TCP port Sharing service
- Routing and Remote Access
- Universal Plug and Play Device Host
- SSDP Discovery Service

Step ten
Change your firewall profile to Public.

Restart your computer.


That's all, folks! Thanks for reading.

Disclaimer: review each step to make sure it won't render your computer unusable (no such chance, just a loss of internet connection). Undo the above one by one to find the culprit. Any suggestions are welcome!

Note: the following actions were performed in a Windows 7 32-bit system.
 
Last edited: