Security Basics mailing list archives

RE: Harden a windows network


From: "John McCracken" <john () mccrackenassociates com>
Date: Wed, 31 Dec 2003 13:06:59 -0600

The following are some of the references I use on occasion. There are many
other good hardening lists, some of which I post at:
http://www.mccrackenassociates.com/links/microsoft.htm  

Windows 2000 Server Baseline Security Checklist:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/chklist/w2ksvrcl.asp

Windows 2000 Professional Baseline Security Checklist:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/chklist/w2kprocl.asp

SANS/FBI Top 20 List:
http://www.sans.org/top20/

Hardening Windows 2000 by Philip Cox (PDF)
http://www.systemexperts.com/tutors/HardenW2K101.pdf

LabMice Windows 2000 Security Checklist
http://www.labmice.net/articles/securingwin2000.htm 

Thanks!
John McCracken



-----Original Message-----
From: Simon and Sara Zuckerbraun [mailto:szucker () rcn com] 
Sent: Tuesday, December 30, 2003 8:04 PM
To: security-basics () securityfocus com
Subject: RE: Harden a windows network

I'm sure that there are a great many hardening steps which would provide an
even greater level of defense...

Two I can think of off the top of my head are to examine the following
security options on each machine:

"Additional restrictions for anonymous connections" - set to "no access
without explicit anonymous permissions"

"LAN Manager authentication level" - set to "Send NTLM response only" or
stronger

You can find both of these in Local Security Policy. (Exact names may vary a
bit depending on which version of Windows you're running.)

Perhaps someone else on this list can recommend a resource with a
comprehensive list of such steps?

Simon
szucker () rcn com





-----Original Message-----
From: mosquitooth () gmx net [mailto:mosquitooth () gmx net] 
Sent: Thursday, December 25, 2003 11:05 AM
To: security-basics () securityfocus com
Subject: Harden a windows network



Hi

I own three PCs (Windows) that are linked by cable to a Netgear WGT624
WLAN-router and one notebook that accesses the internet via WLAN. Now, to
secure my network I have done the following:

- all latest patches on all systems
- every system has got a personal firewall (sygate)
- every system has got an anti-virus software (up to date)
- for WLAN: - WPA is activated
            - ACL for MAC- addresses is set, so that only my notebook can
              access the network
            - SSID broadcast is OFF

Did I forget anything useful to harden this network?
The problem is, that my neighbour also bought WLAN equipment *ugghh* so I
really need outside and inside security!

Thanks and a happy new year

mosquitooth
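
An added example, not part of any message in this thread: a Python check for the two Local Security Policy options named above, run over saved `reg query HKLM\SYSTEM\CurrentControlSet\Control\Lsa` output from each machine. It assumes the Windows 2000 mapping of those options to the `RestrictAnonymous` and `LmCompatibilityLevel` registry values; the host names and sample captures are constructed.

```python
import re

# Registry values under HKLM\SYSTEM\CurrentControlSet\Control\Lsa that back the
# two Local Security Policy options named in the thread (Windows 2000 naming).
# Minimums: RestrictAnonymous 2 = "No access without explicit anonymous
# permissions"; LmCompatibilityLevel 2 = "Send NTLM response only".
MINIMUMS = {"restrictanonymous": 2, "lmcompatibilitylevel": 2}

# One value line of `reg query` output: indented name, type, hex data.
VALUE_RE = re.compile(r"^\s+(\S+)\s+REG_DWORD\s+(0x[0-9a-fA-F]+)\s*$")


def parse_reg_query(text):
    """Return {lower-cased value name: int} for the REG_DWORD lines in the output."""
    values = {}
    for line in text.splitlines():
        m = VALUE_RE.match(line)
        if m:
            values[m.group(1).lower()] = int(m.group(2), 16)
    return values


def audit(reg_output):
    """Return a list of findings; an empty list means both settings meet the minimum."""
    values = parse_reg_query(reg_output)
    findings = []
    for name, minimum in MINIMUMS.items():
        if name not in values:
            findings.append(f"{name}: not set (OS default applies), want >= {minimum}")
        elif values[name] < minimum:
            findings.append(f"{name}: {values[name]} is below {minimum}")
    return findings


# Constructed sample output, one capture per machine (host names are made up).
SAMPLES = {
    "pc-one": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\n"
              "    restrictanonymous    REG_DWORD    0x0\n"
              "    LmCompatibilityLevel    REG_DWORD    0x3\n",
    "notebook": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\n"
                "    restrictanonymous    REG_DWORD    0x2\n",
}

if __name__ == "__main__":
    for host, output in SAMPLES.items():
        for finding in audit(output) or ["ok"]:
            print(f"{host}: {finding}")
```

A value that is absent from the key is reported separately from one that is too low, because in that case the effective setting depends on the Windows version's default.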
