I personally would check out a few different Windows hardening resources: http://www.nsa.gov/snac/index.html for NSA snac guides (NOTE: I would take extreme care and caution when utilizing these guides, as they are known to break systems very easily).
http://www.systemsexperts.com/literature.html systems experts have some good guidance http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur ity/prodtech/windows/secwin2k/default.asp And you can always rely on MS to provide you with quite a bit of fluff, but there's still some good info there as well. When hardening using the Windows templates from NSA, I would caution you to make sure you do a full analysis on what it will lock down, you'll end up finding out later on that some of the services (i.e. COM+, WMI etc) are needed for certain applications. As far as a software based firewall, I did a trade analysis on host-based firewalls a few weeks back, and Norton personal firewall stood out to be a very good app. Only problem is it has more granular control then say (BlackICE, McAfee, Tiny Firewall, Zone Alarm, Sygate etc. etc.). You may find it a bit more difficult to control, however, once you understand it, it is actually a very effective firewall, and even has built-in IDS rules that can be used. You just have to figure out how to use it. ;-) -Wesley North Senior Information Systems Security Engineer BAE SYSTEMS, MISSION SOLUTIONS [EMAIL PROTECTED] -----Original Message----- From: James Taylor [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 27, 2003 5:39 PM To: 'SML'; [EMAIL PROTECTED] Subject: RE: Setting up secure windows xp network Hi Anna, This will be considered a bit of a crappy solution by most sec professionals, but for your network and, sorry if this is incorrect, level of perceived expertise, it might be suitable. You do need some protection that you can easily manage. I suspect that both Norton and Mcaffee would work, but need a level of tweaking though. Who not look at the commercial versions of Zone Alarm? Then just modify the outgoing traffic to allow what traffic you want and add your (external?) mail and DNS servers to the 'trusted zones". It's not great but you should be able to scan yourself (scan.sygate.com) and find yourself protected. There is a wealth of information and help through the Zone Labs forums. You might also want to load Zone Alarm (not the free version) on the individual workstations. Then run the MS Baseline Security Analyser to check and recommend tightening the gateway. http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/Secur ity/tools/tools/MBSAHome.ASP Regards James --- Lachlan McGill <[EMAIL PROTECTED]> wrote: > As a very simple method, you can try just blocking ports > on the network card > level in its TCP/IP properties. This is very simple and > also not necessarily > the most secure. > > You should be able to get some success with third party > apps such as > Nortons, Mcafee and Zone Alarm. Its just a matter of configuring them > properly to suit your setup. > > > -----Original Message----- > From: SML [mailto:[EMAIL PROTECTED] > Sent: Friday, 23 May 2003 12:57 AM > To: [EMAIL PROTECTED] > > Hello list. > I'm in the process of securing Windows xp prof network, consisting of > 5 computers. > We use "workgroup" configuration. > Also the computers are conected to internet through > windows 2000 gateway > computer with 2 network cards, where one card connects to > ADSL router. NAT > software is in place on the gateway. > I'd much appreciate if somebody could point me to the > internet recourses, or > give advise on how to make the most of windows own > security features, > policies etc. Also what software firewall could we use on > the gateway, since > after trying norton and mcaffe firewals, we couldn't > access the intrenet. > > Thanks, > Anna > > > > ------------------------------------------------------------------------ --- > Thinking About Security Training? You Can't Afford Not > To! > > Vigilar's industry leading curriculum includes: Security > +, Check Point, > Hacking & Assessment, Cisco Security, Wireless Security & more! > Register Now! > --UP TO 30% off classes in select cities-- > http://www.securityfocus.com/Vigilar-security-basics > ------------------------------------------------------------------------ ---- > > > ------------------------------------------------------------------------ --- > ------------------------------------------------------------------------ ---- > __________________________________ Do you Yahoo!? The New Yahoo! Search - Faster. Easier. Bingo. http://search.yahoo.com ------------------------------------------------------------------------ --- ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
