Security Basics mailing list archives
RE: Harden a windows network
From: "John McCracken" <john () mccrackenassociates com>
Date: Wed, 31 Dec 2003 13:06:59 -0600
The following are some of the references I use on occasion. There are many other good hardening lists, some of which I post at: http://www.mccrackenassociates.com/links/microsoft.htm Windows 2000 Server Baseline Security Checklist: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/ tools/chklist/w2ksvrcl.asp Windows 2000 Professional Baseline Security Checklist: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/ tools/chklist/w2kprocl.asp SANS/FBI Top 20 List: http://www.sans.org/top20/ Harding Windows 2000 by Philip Cox (PDF) http://www.systemexperts.com/tutors/HardenW2K101.pdf LabMice Windows 2000 Security Checklist http://www.labmice.net/articles/securingwin2000.htm Thanks! John McCracken -----Original Message----- From: Simon and Sara Zuckerbraun [mailto:szucker () rcn com] Sent: Tuesday, December 30, 2003 8:04 PM To: security-basics () securityfocus com Subject: RE: Harden a windows network I'm sure that there are a great many hardening steps which would provide an even greater level of defense... Two I can think of off the top of my head is to examine the following security options on each machine: "Additional restrictions for anonymous connections" - set to "no access without explicit anonymous permissions" "LAN Manager authentication level" - set to "Send NTLM response only" or stronger You can find both of these in Local Security Policy. (Exact names may vary a bit depending on which version of Windows you're running.) Perhaps someone else on this list can recommend a resource with a comprehensive list of such steps? Simon szucker () rcn com -----Original Message----- From: mosquitooth () gmx net [mailto:mosquitooth () gmx net] Sent: Thursday, December 25, 2003 11:05 AM To: security-basics () securityfocus com Subject: Harden a windows network Hi I own three PCs (Windows)that are linked by cable to a Netgear WGT624 WLAN- router and one notebook that access the internet via WLAN. Now, to secure my network I have done the following: - all latest patches on all systems - every system has got a personal firewall (sygate) - every system has got a anti-virus software (up to date) - for WLAN: - WPA is activated - ACL for MAC- addresses is set, so that only my notebook can access the network - SSID broadcast is OFF Did I forget anything useful to harden this network? The problem is, that my neighbour also bought WLAN equipment *ugghh* so I really need outside and inside security! Thanks and a happy new year mosquitooth --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- RE: Harden a windows network John McCracken (Jan 02)
- <Possible follow-ups>
- RE: Harden a windows network bsec (Jan 02)