Configure your Windows XP system securely with Seconfig XP

What a great little freeware application. Seconfig is only 37K in size and can be right from the location that you decided to unpack it to. The freeware has three main features: Restrict Lan-like access, service settings and TCP/IP settings. You may use the program to disable Netbios, SMB and RPC over TCP/IP which are major entry points for worms and hackers.

The service settings let you disable services that may not be needed, and are often used to attack a system over a network or Internet. Among the services that you can disable are the Remote Registry service, the Messenger service, SSDP discovery service and that IPSEC Services.

The TCP/IP settings finally allow you to change the following entries: Drop all incoming IP source routed packets, Disable automatic detection of "dead" gateways, Disable IRDP (all interfaces), Disable ICMP redirect and Disable ports 1025 to N.

Seconfig features:

• Disable NetBIOS over TCP/IP (all interfaces).
• Disable SMB over TCP/IP.
• Disable RPC over TCP/IP.
• Change NetBIOS Scope ID.
• Disable Remote Registry service.
• Disable Messenger service.
• Disable SSDP Discovery Service.
• Do not start IPSEC Services automatically.
• Drop all incoming IP source routed packets.
• Disable automatic detection of "dead" gateways.
• Disable IRDP (all interfaces).
• Disable ICMP redirect.
• Enable strict ARP table update.
• Accept responses only from queried DNS servers.
• Disable ports from [port range] to [port range]

Click on help if you want to look up information about the tweaks the program makes available to you. I suggest you know what you are doing before you make changes to the system, as you may shut down or disable services or features that are needed by programs or services on your system.  Seconfig will change settings in the Registry. You can undo all changes made by the program by running it again and reverting the changes in the interface.

If you click on status you see a list of all open TCP/IP and UDP ports and if Netbios, SMB and RPC over TCP/IP are closed or not.

Update: The program is only compatible with Windows XP and its server counterpart Windows Server 2003, and earlier versions of Windows. It is not compatible with newer versions of the Windows operating system.

If you are on a newer version of the operating system, I suggest you check out Improve Windows Security By Closing Open Ports which describes tools and options to close down ports and services on those versions of Windows.