Help with security settings

November 24th, 2004, #1, posted by sy64004 (OSNN Addict)

I got an email from a friend with some security tweak suggestions. Before I do any of them I'd like to know what they do. Can anyone help to clarify exactly what these tweaks do and what they protect against please???

I asked my friend and he had no idea.

---
Registry Tweaks

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
EnableDCOM = N

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc
DCOM Protocols > Remove ncacn_ip_tcp

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\AllowedPaths\
Machine > Delete all value data INSIDE this key

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\
Create:
DWORD - MaxCachedSockets = 0

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters\
Create:
DWORD - AutoShareServer = 0
DWORD - AutoShareWks = 0

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionPipes\
NullSessionPipes > Delete all value data INSIDE this key
NullSessionShares > Delete all value data INSIDE this key

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
TransportBindName = Delete all value data INSIDE this key
Create:
DWORD - SmbDeviceEnabled = 0

Other
Start > Run: telnet.exe
Type (and press enter): unset ntlm

Start > Connect to > right click account name > Properties > Networking
TCP/IP > Properties > Advanced > WINS
Enable LMhosts lookup = untick
Disable Netbios over TCP/IP = select
---

Thanks in advance

November 24th, 2004, #2, posted by fitz (OSNN Folding Team, Chicagoland)

Originally Posted by sy64004
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
EnableDCOM = N
http://msdn.microsoft.com/library/de...m/reg_0w8d.asp
Basically prevents remote users from remotely launching servers or connecting to objects on your machine

Originally Posted by sy64004
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc
DCOM Protocols > Remove ncacn_ip_tcp
I believe this is preventing remote RPC connections.. not 100% sure on that though

Originally Posted by sy64004
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\AllowedPaths\
Machine > Delete all value data INSIDE this key
Prevents remote access to the registry

Originally Posted by sy64004
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\
Create:
DWORD - MaxCachedSockets = 0
Other than some sites that tell people to create this with no explanation of what it does, I've never heard of this value. The best I can think of looking at the location and key value is when making DNS queries, XP may keep the socket open to the DNS server in case the client makes another request. This value may close the connection when done, which would force the client to reopen a connection when it makes another request.

Originally Posted by sy64004
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters\
Create:
DWORD - AutoShareServer = 0
DWORD - AutoShareWks = 0
This would disable the administrative shares (i.e. the hidden c$ share). Note: For XP or Win2k Pro, I believe you only need the AutoShareWks value.. the AutoShareServer value is if you are running win2k3 or win2k Server

Originally Posted by sy64004
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionPipes\
NullSessionPipes > Delete all value data INSIDE this key
NullSessionShares > Delete all value data INSIDE this key
This removes access from NullSessions.. among other things, removing access would prevent a remote user from enumerating user accounts and shares on your system.

Originally Posted by sy64004
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
TransportBindName = Delete all value data INSIDE this key
umm... according to this article http://support.microsoft.com/default...b;en-us;314053 (at the bottom), this key was used for internal development and should not be changed...

Originally Posted by sy64004
Create:
DWORD - SmbDeviceEnabled = 0
This disables DirectHosting and forces incoming connections to use port 139 instead of port 445

Originally Posted by sy64004
start > Run: telnet.exe
Type (and press enter): unset ntlm
easy enough.. turns off NTLM authentication in a telnet session.. Honestly, who uses the built-in telnet client? You should be using a 3rd party telnet client anyway... preferably one that supports SSH.

Originally Posted by sy64004
Start > Connect to > right click account name > Properties > Networking
TCP/IP > Properties > Advanced > WINS
Enable LMhosts lookup = untick
Disable Netbios over TCP/IP = select
Unchecking the LMHosts lookup stops the computer from using a local LMHosts file (the NETBIOS equivalent of the hosts file). This could be useful if a trojan/worm/virus/or other attack managed to copy an lmhosts file locally onto your system to redirect outbound requests from your machine to a different host.
Disabling NetBIOS is a good thing if you know what you are doing.

WARNING: Disabling NetBIOS may break your home network!

Disclaimer: I've done most of this off the top of my head.. I may be wrong on some issues.. and I'm sure someone else here will correct me if I am.

--fitz
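An added read-only audit script (example code, not from fitz or anyone in this thread) that reports the current state of each value fitz walks through above, plus the per-adapter WINS-tab settings, so the tweaks can be checked before or after applying them. It assumes Windows PowerShell 5.1 or later with the CIM cmdlets and an elevated prompt, and reads NullSessionPipes/NullSessionShares from their documented location as values under LanmanServer\Parameters.

```powershell
# Read-only audit of the hardening values discussed in this thread.
# Added example, not from the thread. Assumes PowerShell 5.1+ with the CIM
# cmdlets, run from an elevated prompt; it changes nothing on the machine.

# Single values: what the tweak sets, versus what is actually present.
$checks = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Ole';                                    Name = 'EnableDCOM';       Want = 'N' }
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'; Name = 'AutoShareWks';     Want = 0 }
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'; Name = 'AutoShareServer';  Want = 0 }
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters';        Name = 'SmbDeviceEnabled'; Want = 0 }
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters';     Name = 'MaxCachedSockets'; Want = 0 }
)
foreach ($c in $checks) {
    $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        "{0}\{1}: not set (Windows default applies)" -f $c.Path, $c.Name
        continue
    }
    $actual = $item.$($c.Name)
    $state = if ("$actual" -eq "$($c.Want)") { 'as the tweak sets it' } else { 'not as the tweak sets it' }
    "{0}\{1} = {2} ({3})" -f $c.Path, $c.Name, $actual, $state
}

# Multi-string lists the tweaks empty out. NullSessionPipes and NullSessionShares
# are values under LanmanServer\Parameters, not a subkey of their own.
$lists = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Rpc';                                                 Name = 'DCOM Protocols' }
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\AllowedPaths'; Name = 'Machine' }
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters';              Name = 'NullSessionPipes' }
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters';              Name = 'NullSessionShares' }
)
foreach ($l in $lists) {
    $item    = Get-ItemProperty -Path $l.Path -Name $l.Name -ErrorAction SilentlyContinue
    $entries = @($item.$($l.Name) | Where-Object { $_ })   # drop empty strings
    "{0}\{1}: {2} entries [{3}]" -f $l.Path, $l.Name, $entries.Count, ($entries -join ', ')
}

# The WINS-tab settings from the last item, per IP-enabled adapter.
# TcpipNetbiosOptions: 0 = via DHCP (default), 1 = enabled, 2 = disabled.
Get-CimInstance Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled } | ForEach-Object {
    $cfg = $_
    $nb = switch ($cfg.TcpipNetbiosOptions) { 0 { 'via DHCP' } 1 { 'enabled' } 2 { 'disabled' } default { 'unknown' } }
    "{0}: NetBIOS over TCP/IP {1}; LMHOSTS lookup enabled: {2}" -f $cfg.Description, $nb, $cfg.WINSEnableLMHostsLookup
}
```

TransportBindName is deliberately not touched or reported, in line with the KB article fitz cites.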
November 25th, 2004, #3, posted by sy64004
Thanks Fitz for the info. I have always disabled the netbios service and I don't have a home network so this setting should be ok, right???

November 25th, 2004, #4, posted by perris (OSNN Godlike Veteran, New York)
I can't imagine why these values wouldn't be included in sp2 if they had merit

IT'S NOT WHAT YOU'VE DONE IT'S WHAT YOU ARE GOING TO DO

November 25th, 2004, #5, posted by sy64004
Originally Posted by perris
I can't imagine why these values wouldn't be included in sp2 if they had merit
This is why I'm asking for people's help/opinions on these settings.

Are they going into Paranoidville or are they actually worth doing???

I'm not on a home network, I have a crappy dial-up connection with ZA pro at default settings, so if anyone can give me some pointers I'd be very grateful

November 25th, 2004, #6, posted by perris
on dialup you have no worries...your za pro and antivirus are plenty

if you want to batten down your box, have a look here


November 25th, 2004, #7, posted by sy64004
Spotted that last night mate. Downloaded but only had a quick glance through. Thanks for the heads up