RE: Harden a windows network

["Simon and Sara Zuckerbraun" <szucker () rcn com>]

I'm sure that there are a great many hardening steps which would provide an
even greater level of defense...

Two I can think of off the top of my head is to examine the following
security options on each machine:

"Additional restrictions for anonymous connections" - set to "no access
without explicit anonymous permissions"

"LAN Manager authentication level" - set to "Send NTLM response only" or
stronger

You can find both of these in Local Security Policy. (Exact names may vary a
bit depending on which version of Windows you're running.)

Perhaps someone else on this list can recommend a resource with a
comprehensive list of such steps?

Simon
szucker () rcn com





-----Original Message-----
From: mosquitooth () gmx net [mailto:mosquitooth () gmx net] 
Sent: Thursday, December 25, 2003 11:05 AM
To: security-basics () securityfocus com
Subject: Harden a windows network



Hi

I own three PCs (Windows)that are linked by cable to a Netgear WGT624 WLAN-
router and one notebook that access the internet via WLAN. Now, to secure my
network I have done the following:

- all latest patches on all systems
- every system has got a personal firewall (sygate)
- every system has got a anti-virus software (up to date)
- for WLAN: - WPA is activated
            - ACL for MAC- addresses is set, so that only my notebook can
              access the network
            - SSID broadcast is OFF

Did I forget anything useful to harden this network?
The problem is, that my neighbour also bought WLAN equipment *ugghh* so I
really need outside and inside security!

Thanks and a happy new year

mosquitooth

---------------------------------------------------------------------------
----------------------------------------------------------------------------




---------------------------------------------------------------------------
----------------------------------------------------------------------------