Help with security settings

Discussion in 'Windows Desktop Systems' started by sy64004, Nov 23, 2004.

  1. sy64004

    sy64004 OSNN Addict

    Messages:
    119
    I got an email from a friend with some security tweak suggestions. Before I do any of them I'd like to know what they do. Can anyone help to clarify exactly what these tweaks do and what they protect against please???

    I asked my friend and he had no idea.

    ---
    Registry Tweaks

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole

    EnableDCOM = N

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc

    DCOM Protocols > Remove ncacn_ip_tcp


    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\AllowedPaths\

    Machine > Delete all value data INSIDE this key


    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\

    Create:
    DWORD - MaxCachedSockets = 0


    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters\

    Create:
    DWORD - AutoShareServer = 0
    DWORD - AutoShareWks = 0

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionPipes\

    NullSessionPipes > Delete all value data INSIDE this key

    NullSessionShares > Delete all value data INSIDE this key


    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters

    TransportBindName = Delete all value data INSIDE this key

    Create:
    DWORD - SmbDeviceEnabled = 0

    other
    start > Run: telnet.exe
    Type (and press enter): unset ntlm


    Start > Connect to > right click account name > Properties > Networking

    TCP/IP > Properties > Advanced > WINS

    Enable LMhosts lookup = untick
    Disable Netbios over TCP/IP = select
    ---

    Thanks in advance :cool:
     
  2. fitz

    fitz Just Floating Along Staff Member Political User Folding Team

    Messages:
    4,076
    Location:
    Chicagoland
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/com/htm/reg_0w8d.asp
    Basically prevents remote users from remotely launching servers or connecting to objects on your machine

    I believe this is preventing remote RPC connections.. not 100% sure on that though

    Prevents remote access to the registry

    Other than some sites that tell people to create this with no explanation of what it does, I've never heard of this value. The best I can think of looking at the location and key value is when making DNS queries, XP may keep the socket open to the DNS server in case the client makes another request. This value may close the connection when done which would force the client to reopen a connection when it makes another request.

    This would disable the administrative shares (ie: the hidden c$ share). Note: For XP or Win2k Pro, I believe you only need the AutoShareWks value.. the AutoShareServer value is if you are running win2k3 or win2k Server

    This removes access from NullSessions.. among other things, removing access would prevent a remote user from enumerating user accounts and shares on your system.

    umm... according to this article http://support.microsoft.com/default.aspx?scid=kb;en-us;314053 (at the bottom), this key was used for internal development and should not be changed...

    This disables DirectHosting and forces incoming connections to use port 139 instead of port 445

    easy enough.. turns off NTLM authentication in a telnet session.. Honestly, who uses the built-in telnet client? You should be using a 3rd party telnet client anyway... preferably one that supports SSH.

    Unchecking the LMHosts lookup stops the computer from using a local LMHosts file (the NETBIOS equivalent of the hosts file). This could be useful if a trojan/worm/virus/or other attack managed to copy an lmhosts file locally onto your system to redirect outbound requests from your machine to a different host.
    Disabling NetBIOS is a good thing if you know what you are doing.

    WARNING: Disabling NetBIOS may break your home network!

    Disclaimer: I've done most of this off the top of my head.. I may be wrong on some issues.. and I'm sure someone else here will correct me if I am.

    --fitz
     
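    As an added example (not from the thread or any of its posters), here is a read-only PowerShell audit that reports the current value of each registry setting in the e-mail next to what the tweak wants, so you can see what would actually change before applying anything. It assumes Windows PowerShell 5.1 or later in an elevated prompt (the winreg key is not readable otherwise) and writes nothing.

```powershell
# Added example, not from the thread. Read-only audit of the registry tweaks
# discussed above. Assumes Windows PowerShell 5.1+ in an elevated prompt.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }   # key or value absent: Windows default applies
    return $item.$Name
}

# Each entry: where the value lives, what the e-mail wants, and a test that
# returns $true when the current value already matches that target.
$lanman = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$netbt  = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters'
$checks = @(
    @{ Path='HKLM:\SOFTWARE\Microsoft\Ole'; Name='EnableDCOM'
       Want='N (no remote DCOM activation)'; Test={ param($v) $v -eq 'N' } },
    @{ Path='HKLM:\SOFTWARE\Microsoft\Rpc'; Name='DCOM Protocols'
       Want='no ncacn_ip_tcp'; Test={ param($v) $v -notcontains 'ncacn_ip_tcp' } },
    @{ Path='HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\AllowedPaths'
       Name='Machine'; Want='empty (no remote registry paths)'; Test={ param($v) -not $v } },
    @{ Path='HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters'
       Name='MaxCachedSockets'; Want='0'; Test={ param($v) $v -eq 0 } },
    @{ Path=$lanman; Name='AutoShareWks'
       Want='0 (no C$/ADMIN$ on workstations)'; Test={ param($v) $v -eq 0 } },
    @{ Path=$lanman; Name='AutoShareServer'
       Want='0 (server SKUs only)'; Test={ param($v) $v -eq 0 } },
    @{ Path=$lanman; Name='NullSessionPipes'; Want='empty'; Test={ param($v) -not $v } },
    @{ Path=$lanman; Name='NullSessionShares'; Want='empty'; Test={ param($v) -not $v } },
    @{ Path=$netbt; Name='TransportBindName'; Want='empty'; Test={ param($v) -not $v } },
    @{ Path=$netbt; Name='SmbDeviceEnabled'
       Want='0 (SMB on 139 only, no direct host on 445)'; Test={ param($v) $v -eq 0 } }
)

foreach ($c in $checks) {
    $v = Get-RegValue -Path $c.Path -Name $c.Name
    # Multi-string values (DCOM Protocols, AllowedPaths, NullSession*) come back as arrays.
    $shown = if ($null -eq $v) { '<absent: Windows default>' } else { $v -join ',' }
    $state = if ($null -eq $v) { 'ABSENT' }
             elseif (& $c.Test $v) { 'MATCHES' }
             else { 'DIFFERS' }
    '{0,-8} {1,-18} current={2}  tweak wants={3}' -f $state, $c.Name, $shown, $c.Want
}
```

    The telnet "unset ntlm" and the WINS tab items are per-session and per-connection settings, so they are not covered by this registry audit.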
  3. sy64004

    sy64004 OSNN Addict

    Messages:
    119
    Thanks Fitz for the info. I have always disabled the netbios service and I don't have a home network so this setting should be ok, right???
     
  4. Perris Calderon

    Perris Calderon Moderator Staff Member Political User

    Messages:
    12,332
    Location:
    new york
    I can't imagine why these values wouldn't be included in sp2 if they had merit
     
  5. sy64004

    sy64004 OSNN Addict

    Messages:
    119
    This is why I'm asking for people's help/opinions on these settings.

    Are they going into Paranoidville or are they actually worth doing???

    I'm not on a home network, I have a crappy dial up connection with ZA pro at default settings so if anyone can give me some pointers I'd be very grateful :cool:
     
  6. Perris Calderon

    Perris Calderon Moderator Staff Member Political User

    Messages:
    12,332
    Location:
    new york
    on dialup you have no worries...your za pro and antivirus is plenty

    if you want to batten down your box, have a look here
     
  7. sy64004

    sy64004 OSNN Addict

    Messages:
    119
    spotted that last night mate. downloaded but only had a quick glance through. Thanks for the heads up