Firewall Wizards mailing list archives
RE: Hardware vs. Software firewall reliability
From: "Lart" <lart () hacksec org>
Date: Fri, 10 Sep 1999 23:29:25 -0400
: Personally speaking, I love watching NT guys shriek in terror as : they watch : me configure an NT box for use with FireWall-1. Since I've now received 5 requests for what exactly I do, I thought the world at large might benefit from this... First, I'll say that Lance Spitzner has an excellent document on stripping NT down. It's at: http://www.enteract.com/~lspitz/nt.html Personally, I always use good firewall rulesets that prohibit just about any kind of direct communication with the NT firewall. Anyhow, here's how I start... 1) Install NT Server 4.0 (my cd comes w/SP1 already installed) 2) rename administrator and guest. Those should be the only 2 accounts on the box. 3) Install all NICs and drivers. 4) SP 5 - 128 bit 5) Go to control panel, network, services tab. Remove all the services there, except SNMP (and only leave SNMP if you want to use the FW-1 system status viewer). If you do this, be absolutely sure to change the community strings. 6) reboot (NT will ask you to). 7) Control Panel, Services. Disable all unneeded services. On a firewall I'm looking at right now, I've got running: Event Log Plug and Play Protected Storage SNMP 8) Control panel, Devices. Disable WINS Client. 9) restrict remote registry access 10) install fw-1
Current thread:
- RE: Hardware vs. Software firewall reliability, (continued)
- RE: Hardware vs. Software firewall reliability Joe Ippolito (Sep 10)
- RE: Hardware vs. Software firewall reliability Jules Veloria (Sep 11)
- RE: Hardware vs. Software firewall reliability Aaron D. Turner (Sep 11)
- RE: Hardware vs. Software firewall reliability Joe Ippolito (Sep 10)
- Re: Hardware vs. Software firewall reliability Bill Pennington (Sep 08)
- Re: Hardware vs. Software firewall reliability Christopher C. Petro (Sep 18)
- Re: Hardware vs. Software firewall reliability David Klann (Sep 08)
- Re: Hardware vs. Software firewall reliability Josh Robb (Sep 08)
- Re: Hardware vs. Software firewall reliability Ryan Russell (Sep 08)
- Re: Hardware vs. Software firewall reliability Marcus J. Ranum (Sep 08)
- RE: Hardware vs. Software firewall reliability Lart (Sep 09)
- RE: Hardware vs. Software firewall reliability Lart (Sep 11)
- RE: Hardware vs. Software firewall reliability Lart (Sep 09)
- Re: Hardware vs. Software firewall reliability Vin McLellan (Sep 09)
- RE: Hardware vs. Software firewall reliability Bill Stout (Sep 09)
- RE: Hardware vs. Software firewall reliability Ryan Russell (Sep 12)
- Tripwire like perl program Siglite (Sep 14)
- RE: Hardware vs. Software firewall reliability dwelch (Sep 14)
- RE: Hardware vs. Software firewall reliability Joe Ippolito (Sep 14)
- RE: Hardware vs. Software firewall reliability Bill Stout (Sep 14)
- RE: Hardware vs. Software firewall reliability Tina Bird (Sep 18)
- RE: Hardware vs. Software firewall reliability Joe Ippolito (Sep 18)
- Re: Hardware vs. Software firewall reliability Chenggong Charles Fan (Sep 18)
(Thread continues...)