RE: NT 4.0 armoring prior to Real Secure installation -reply

[Stewart, Andrew (ISSAtlanta)]

TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED]  Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------



http://people.hp.se/stnor/


> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Friday, March 24, 2000 2:31 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: NT 4.0 armoring prior to Real Secure installation -reply
> 
> 
> 
> TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of 
> your message to
> [EMAIL PROTECTED]  Contact [EMAIL PROTECTED] for help 
> with any problems!
> --------------------------------------------------------------
> --------------
> 
> I think there is a documented process somewhere in the ISS 
> Archives or I 
> have it.. I can't remember, but they are very detailed in nature..
> 
> /m
> 
> 
> 
> 
> [EMAIL PROTECTED]
> Sent by: [EMAIL PROTECTED]
> 03/24/00 10:04 AM
> 
>  
>         To:     [EMAIL PROTECTED]
>         cc:     [EMAIL PROTECTED]
>         Subject:        NT 4.0 armoring prior to Real Secure 
> installation
> 
> 
> 
> TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of 
> your message 
> to
> [EMAIL PROTECTED]  Contact [EMAIL PROTECTED] for help with any 
> problems!
> --------------------------------------------------------------
> --------------
> 
> There was a thread on this issue 6 months ago.  Based on the 
> information I 
> took the following steps to harden my NT RealSecure Engines.  
> They have be 
> running in this configuration for about 5 months.  I think the most 
> important step in hardening the workstation was NOT intsalling the NT 
> Network.  RealSecure and the Consol works fine without being 
> part of the 
> network. I am willing to walk to the computer room when I 
> need to work 
> with the engines.
> 
> 
> reformat c:
> change setup to boot from CD_ROM
> cntl_alt_del;f2;alt P;
> Boot from CD_ROM NT workstation CD
> delete particion
> create new particion: 2047
> format particion using NTFS
> 
> Install NT4.
> 
> - Setup Options: custom
> - Select Componets: Accesories only
> - Network:Do not connect.
> - Overwrite newer files: yes
> Interface Drivers
> - Control Pannel; Network;
> 
> 
> Install Sercive Pack 4 128 bit encryption
> 3 Install 3com eithernet card "3com fast Etherlink XL NIC (3c905B-tx)
>         NT Network is not install do you want to install: no
>           tab: Adapters:add;have disk; 3cometherlink CD
>           tab: proticals: add(button): select(window) tcp/ip
>                 Warning window if there is a DHCP 
> server...;no(button).
>                 properties(button);
> 
> 5 Remove uneeded stuff.
>         control panal;add/remove
>                 remove
>                 music control
>                 outlook express
>                 microsoft wallet
>                 VDOLive Player
> 5. implement secure screen saver.
>         control panel; display; screensaver(tab);3d pipes (window); 
> password (check box);
>                 wait 15 minutes (drop box)
> 6. Implement protocal security
>         control pannel; network; no(button); 
> protocols(tab);properties(button); advance(button);
>         enable security(check);configure (button);
>                 "TCP Ports"; permit only (check) add (button);
>                         TCP port (window)"2998"; add (button)
>                         TCP port (window)"901"; add (button).
>                         TCP port (window) "80"; add (button)
>                 "UDP Ports"; permit only (check)
>                 "IP Protocols"; permit only (check) add (button);
>                         IP Protocol (window)"6"; add (button)
> 
> 
> 
> 8 Disable unneeded services
>         services;tcp/ip netbios helperstartup;disable
> 9 Delete unneeded icons: mail & briefcase
>         desktop highlight and delete.
> 10. Install run system scanner 1.1
> 
> 
> ----------------------------------------------------------------
> Get your free email from AltaVista at http://altavista.iname.com
> 
> 
> 
> 
> 
>