Security Basics mailing list archives
RE: information harvesting from within the network
From: D Adler <dadler_grd-secfoc () yahoo com>
Date: Fri, 20 May 2005 16:01:28 -0700 (PDT)
I would have to agree with Jason that a GPO is going to be of little use to you. You'll be better off with an IDS/IPS system that can shut down the network port of the suspicious machine when it detects unusual behavior. If you are a Cisco shop, Cisco is making inroads in this direction. I am certain there are other solutions available as well; I am just not as familiar with them.

regards,
dave

--- "Beauford, Jason" <jbeauford () EightInOnePet com> wrote:
Within a Windows environment, I'd recommend using the Microsoft Baseline Security Analyzer to identify the weak links in your Windows deployment. The nice thing about it is that it gives you the MS-recommended resolutions, things like denying anonymous enumeration. As far as GPOs go, in a university environment your networked PCs are most likely not part of the domain, but rather just college students' machines, and therefore your GPOs will have no effect on their particular units. However, you should deploy GPOs to lock down those PCs within your domain. Again, the MBSA tool will help you ID some issues and supply solutions.
http://www.microsoft.com/technet/security/tools/mbsahome.mspx
If you need GPO recommendations, you can check Microsoft's site for Hardening Windows Clients in a Windows Server Environment, or there are NIST docs. Here are some links to get you going:
http://www.microsoft.com/smallbusiness/gtm/securityguidance/articles/sec_winxp_pro_server_env.mspx
http://www.microsoft.com/technet/security/smallbusiness/prodtech/windows2000/sec_win2000_pro_server_env.mspx
http://csrc.nist.gov/publications/nistpubs/index.html
Good Luck!
-JMB

-----Original Message-----
From: ddjjembe 2 [mailto:ddjjembe2 () hotmail com]
Sent: Thursday, May 19, 2005 10:40 PM
To: security-basics () securityfocus com
Subject: information harvesting from within the network

Background: I work in a university that has university-typical security practices. Currently any authenticated user can scan parts of the network with tools like LANguard or Nessus and obtain a considerable amount of information from them. Most of the computers in our network are Windows computers. We also have departments with Macs and *nix machines.

Goal: If possible, lock down the Windows computers with group policies and/or templates to disable this potential unauthorized information harvesting by users, and then restrict scanning ability to the security group with LDAP permissions. Am I on the right track here? I would like to achieve this without using a host-based firewall. Group policies have a large pool of settings to pick from. Narrowing it down to a few that disable at least portions would be appreciated.

Thanks,
ddjembe
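As an added illustration, not code posted by anyone in this thread: a PowerShell script that audits, and with -Enforce sets, the local registry values behind the "Network access: ..." Security Options that Jason's reply refers to as denying anonymous enumeration. The registry paths and value names are the standard ones for those policies; the script itself, its -Enforce switch and the function names are my own. On domain members the same settings belong in a GPO under Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options, which is the route the original question asks about; the script is useful on the non-domain machines Jason mentions, or for checking that a GPO actually landed.

```powershell
# Added example (not from the original thread). Audit, and optionally enforce,
# the local equivalents of the anonymous-enumeration Security Options.
# Run in an elevated PowerShell session. Assumption: these registry values are
# the ones the corresponding GPO settings write; on domain members prefer the GPO.
[CmdletBinding()]
param(
    [switch]$Enforce   # without -Enforce the script only reports
)

$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$srv = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters'

# Desired state, one entry per Security Option:
$desired = @(
    # "Do not allow anonymous enumeration of SAM accounts and shares"
    @{ Path=$lsa; Name='RestrictAnonymous';         Value=1;             Type='DWord' }
    # "Do not allow anonymous enumeration of SAM accounts"
    @{ Path=$lsa; Name='RestrictAnonymousSAM';      Value=1;             Type='DWord' }
    # "Let Everyone permissions apply to anonymous users" = Disabled
    @{ Path=$lsa; Name='EveryoneIncludesAnonymous'; Value=0;             Type='DWord' }
    # "Restrict anonymous access to Named Pipes and Shares"
    @{ Path=$srv; Name='RestrictNullSessAccess';    Value=1;             Type='DWord' }
    # "Named Pipes that can be accessed anonymously" = none
    @{ Path=$srv; Name='NullSessionPipes';          Value=[string[]]@(); Type='MultiString' }
    # "Shares that can be accessed anonymously" = none
    @{ Path=$srv; Name='NullSessionShares';         Value=[string[]]@(); Type='MultiString' }
)

function Get-CurrentValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the value (or key) does not exist
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Test-Compliant {
    param($Current, $Expected)
    if ($Expected -is [array]) {
        # MULTI_SZ lists: compliant only when absent or empty
        return ($null -eq $Current) -or (@($Current).Count -eq 0)
    }
    # DWORD: an absent value is treated as non-compliant (conservative)
    return ($Current -eq $Expected)
}

$findings = foreach ($d in $desired) {
    $cur = Get-CurrentValue -Path $d.Path -Name $d.Name
    $ok  = Test-Compliant -Current $cur -Expected $d.Value

    if (-not $ok -and $Enforce) {
        # -Force overwrites an existing value and fixes its type
        New-ItemProperty -Path $d.Path -Name $d.Name -Value $d.Value `
                         -PropertyType $d.Type -Force | Out-Null
        $cur = Get-CurrentValue -Path $d.Path -Name $d.Name
        $ok  = Test-Compliant -Current $cur -Expected $d.Value
    }

    $shownCur = if ($null -eq $cur) { '<absent>' } else { ($cur -join ',') }
    $shownExp = if ($d.Value -is [array]) { '<empty>' } else { $d.Value }

    [pscustomobject]@{
        Setting   = $d.Name
        Current   = $shownCur
        Expected  = $shownExp
        Compliant = $ok
    }
}

$findings | Format-Table -AutoSize

# Non-zero exit lets a scheduled task or inventory job flag drift
if ($findings | Where-Object { -not $_.Compliant }) { exit 1 } else { exit 0 }
```

To confirm the change from another host, use the classic null-session check, `net use \\target\ipc$ "" /user:""` followed by `net view \\target`; once the settings are in effect, the anonymous share and account listing should be refused. Two caveats worth keeping in mind: these settings limit what an unauthenticated (null) session can enumerate, not what an authenticated domain user can query, which is the case the original question describes; and the values take effect for new SMB sessions, so existing connections should be dropped or the Server service restarted before re-testing.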
Current thread:
- information harvesting from within the network ddjjembe 2 (May 20)
- RE: information harvesting from within the network Jason Lopez (May 23)
- Re: information harvesting from within the network Alexander Klimov (May 23)
- <Possible follow-ups>
- RE: information harvesting from within the network Beauford, Jason (May 20)
- RE: information harvesting from within the network D Adler (May 23)
- RE: information harvesting from within the network Andrew Shore (May 23)
- Re: information harvesting from within the network Micheal Espinola Jr (May 24)
- Re: information harvesting from within the network Henry Anslinger (May 26)