Security Basics mailing list archives
RE: Setting up secure windows xp network
From: "wjnorth" <wjnorth () earthlink net>
Date: Wed, 28 May 2003 12:16:24 -0700
I personally would check out a few different Windows hardening resources: http://www.nsa.gov/snac/index.html for NSA snac guides (NOTE: I would take extreme care and caution when utilizing these guides, as they are known to break systems very easily). http://www.systemsexperts.com/literature.html systems experts have some good guidance http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur ity/prodtech/windows/secwin2k/default.asp And you can always rely on MS to provide you with quite a bit of fluff, but there's still some good info there as well. When hardening using the Windows templates from NSA, I would caution you to make sure you do a full analysis on what it will lock down, you'll end up finding out later on that some of the services (i.e. COM+, WMI etc) are needed for certain applications. As far as a software based firewall, I did a trade analysis on host-based firewalls a few weeks back, and Norton personal firewall stood out to be a very good app. Only problem is it has more granular control then say (BlackICE, McAfee, Tiny Firewall, Zone Alarm, Sygate etc. etc.). You may find it a bit more difficult to control, however, once you understand it, it is actually a very effective firewall, and even has built-in IDS rules that can be used. You just have to figure out how to use it. ;-) -Wesley North Senior Information Systems Security Engineer BAE SYSTEMS, MISSION SOLUTIONS wesley.north () baesystems com -----Original Message----- From: James Taylor [mailto:james_n_taylor () yahoo com] Sent: Tuesday, May 27, 2003 5:39 PM To: 'SML'; security-basics () securityfocus com Subject: RE: Setting up secure windows xp network Hi Anna, This will be considered a bit of a crappy solution by most sec professionals, but for your network and, sorry if this is incorrect, level of perceived expertise, it might be suitable. You do need some protection that you can easily manage. I suspect that both Norton and Mcaffee would work, but need a level of tweaking though. Who not look at the commercial versions of Zone Alarm? Then just modify the outgoing traffic to allow what traffic you want and add your (external?) mail and DNS servers to the 'trusted zones". It's not great but you should be able to scan yourself (scan.sygate.com) and find yourself protected. There is a wealth of information and help through the Zone Labs forums. You might also want to load Zone Alarm (not the free version) on the individual workstations. Then run the MS Baseline Security Analyser to check and recommend tightening the gateway. http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/Secur ity/tools/tools/MBSAHome.ASP Regards James --- Lachlan McGill <Lachlan.McGill () au logical com> wrote:
As a very simple method, you can try just blocking ports on the network card level in its TCP/IP properties. This is very simple and also not necessarily the most secure. You should be able to get some success with third party apps such as Nortons, Mcafee and Zone Alarm. Its just a matter of configuring them properly to suit your setup. -----Original Message----- From: SML [mailto:sml () ukf net] Sent: Friday, 23 May 2003 12:57 AM To: security-basics () securityfocus com Hello list. I'm in the process of securing Windows xp prof network, consisting of 5 computers. We use "workgroup" configuration. Also the computers are conected to internet through windows 2000 gateway computer with 2 network cards, where one card connects to ADSL router. NAT software is in place on the gateway. I'd much appreciate if somebody could point me to the internet recourses, or give advise on how to make the most of windows own security features, policies etc. Also what software firewall could we use on the gateway, since after trying norton and mcaffe firewals, we couldn't access the intrenet. Thanks, Anna
------------------------------------------------------------------------ ---
Thinking About Security Training? You Can't Afford Not To! Vigilar's industry leading curriculum includes: Security +, Check Point, Hacking & Assessment, Cisco Security, Wireless Security & more! Register Now! --UP TO 30% off classes in select cities-- http://www.securityfocus.com/Vigilar-security-basics
------------------------------------------------------------------------ ----
------------------------------------------------------------------------ ---
------------------------------------------------------------------------ ----
__________________________________ Do you Yahoo!? The New Yahoo! Search - Faster. Easier. Bingo. http://search.yahoo.com ------------------------------------------------------------------------ --- ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Setting up secure windows xp network SML (May 22)
- RE: Setting up secure windows xp network Manuel Fernandes (May 23)
- <Possible follow-ups>
- Re: Setting up secure windows xp network Chris R (May 23)
- Re: Setting up secure windows xp network Kenzo (May 26)
- Re: Setting up secure windows xp network m g (May 23)
- RE: Setting up secure windows xp network Lachlan McGill (May 27)
- Re: Setting up secure windows xp network Danny (May 28)
- RE: Setting up secure windows xp network James Taylor (May 28)
- Setting up secure windows xp network SML (May 29)
- Re: Setting up secure windows xp network James Taylor (May 30)
- RE: Setting up secure windows xp network wjnorth (May 29)
- Re: Setting up secure windows xp network Chris Berry (May 29)