Firewall Wizards mailing list archives
Re: How to Secure Windows? was How to Save the World
From: "Dave Piscitello" <dave () corecom com>
Date: Wed, 22 Dec 2004 12:32:25 -0500
On 21 Dec 2004 at 16:25, Paul D. Robertson wrote:
> On Mon, 20 Dec 2004, Dave Piscitello wrote:
> > If you want a cheat sheet - or a template on which to baseline what your organization ultimately decides is its security policy - then visit the Center for Internet Security (cisecurity.org), download the security benchmarking tool and dozen or so templates, and RTFM that accompanies it.
>
> That _would_ be useful, if it weren't for the fact that I can only use it on a single computer. If I wanted to use their tools as a consultant, it'd cost me $11,000 per year! While that might be ok for E&Y, it's a little steep for PDR ;)
The tool is trivial and frankly, I don't think it's worth the trouble to scan PCs simply to see if you score a 10 - BTW, the best I could ever manage was a 9 something because a 10 means you don't actually use most of Windows :-). But the process of configuring a security policy they painstakingly describe using local policy editing and assessment via the MMC snap-in is instructive and helpful. I suspect you would find the security templates good guidelines, but not perfectly suited for what you want, and they can't very well charge you for templates NSA and others defined.
> Any idea if you can make Windows *not* dynamically accept ARP entries and rely only on static entries in the table?
Not easily. Dynamic *and* static arp entries you create expire when you reboot, so you have to work around this. If you want a hack, you could run a script at startup that uses the DOS arp command to set static arp entries for all the entries you really want on your subnet, and also sets the unused IPs to a non-existent MAC or local MAC? Assuming you're on a "C" equivalent or splinter, it's a modest number of lines of script, yes? I thought to google this notion and found these folks suggested the same thing: http://www.kbeta.com/Ktips/TCPIPTroubleshooting.htm "For persistent static ARP cache entries, you must create a batch file run from the Startup group." Anyway, if you take the trouble to write the script, send me a copy :-)
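One way the startup batch file suggested in the reply above could look, as an added example that is not part of the original post and not a script from either poster. The 192.0.2.0/24 subnet, the host list, the SELF octet and every MAC address are constructed placeholders to replace with your own inventory.

```batch
@echo off
rem Added example: pin the ARP cache for one /24 at startup.
rem Run with administrative rights. All values below are placeholders.
setlocal EnableDelayedExpansion

rem First three octets of the local subnet (placeholder: TEST-NET-1).
set "NET=192.0.2"
rem Last octet of this machine's own address; it is skipped.
set "SELF=10"
rem MAC given to every address that has no known host (placeholder,
rem taken from the range reserved for documentation).
set "SINK=00-00-5e-00-53-ff"

rem Known hosts: MAC_<last octet>=<real MAC>, hyphen-separated as the
rem Windows arp command expects. Constructed sample inventory.
set "MAC_1=00-00-5e-00-53-01"
set "MAC_20=00-00-5e-00-53-14"
set "MAC_21=00-00-5e-00-53-15"

rem Drop whatever was learned dynamically before this script ran.
arp -d *

for /L %%i in (1,1,254) do (
    if not "%%i"=="%SELF%" (
        rem Default to the sink MAC, then override for known hosts.
        set "TARGET=%SINK%"
        if defined MAC_%%i set "TARGET=!MAC_%%i!"
        arp -s %NET%.%%i !TARGET!
    )
)

rem Show the resulting table so the entries can be checked by eye.
arp -a
endlocal
```

Because unused addresses point at a MAC that does not exist, a host later assigned one of them stays unreachable from this machine until its real MAC is added to the inventory and the script is rerun.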