On Sat, Jun 19, 1999 at 08:58:47PM -0400, Don Kelloway wrote:
> 4. Apply the appropriate registry tweaks to tighten it further.
URL(s) appreciated.
> 6. Click TCP/IP protocol, don't use WINs, don't use LMHOSTS, don't use DNS.
Where goes your web server, mail server, etc.? In front or behind the
firewall?
> 9. Then go to Control Panel | Services and set the Startup option for
> everything 'cept Event Log, Plug and Play, and RPC to "disabled". Reboot
What OS functionality requires RPC, given that you are building a
hardened host? (I seem to recall MS RPC has some nice, ah, security-
unfriendly features.)
I'd imagine plug-and-play should be off.
> 10. Install a firewall, one that binds its *own* IP stack to the external
> NIC.
But leave the internal NIC bound to MS's stack? If the vendor's stack
is good enough for the external NIC, it is good enough for the internal
NIC, no?
What makes a vendor's stack inherently more secure than MS's? If the stack
is less used than MS's, it has had fewer opportunities to shake out its
bugs. (Instead of a chorus, it might give you a crescendo. ;-)
Cheers.
--
Ng Pheng Siong <[EMAIL PROTECTED]>