NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > FOCUS-MS> 2003-q4

RE: TCP/IP Stack Hardening

From: dave kleiman (daveisecureu.com)
Date: Sun Dec 21 2003 - 00:54:12 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

James,

I posted this a while back (but I think it was on iislists) maybe that is
the one you are referring too. My old e-mail was davenetmedic.net.

We have most of those on all of our servers, epically if they are in the DMZ
with absolutely no degradation in performance. Maybe Aran just applied them
improperly.

If you actually take the time to read and understand what each one does,
many of them would increase performance.

I will not waste the list time with a play by play but you can read some of
them at: http://support.microsoft.com/default.aspx?scid=kb;en-us;120642

_______________________________
Dave Kleiman, CISSP, MCSE, CIFI
daveisecureu.com
www.SecurityBreachResponse.com

"High achievement always takes place in the framework of high expectation."
Jack Kinder

-----Original Message-----
From: Hoffmann, Aran [mailto:AHoffmanncta.net]
Sent: Friday, December 19, 2003 15:12
To: focus-mssecurityfocus.com
Subject: RE: TCP/IP Stack Hardening

I used to work in a data center with high security requirements and we
applied all the referenced tcp/ip hardening to our Win2k servers. The
results? Crappy network performance and file transfer timeouts but boy were
we secure. As soon as we removed the hardening the network performance
problems went away.

-----Original Message-----
From: James Bowman [mailto:jimdrexel.edu]
Sent: Friday, December 19, 2003 9:03 AM
To: focus-mssecurityfocus.com
Subject: TCP/IP Stack Hardening

Wondering if anyone has experienced issues after hardening the TCP/IP stack
under Win2K server?

Specifically, I'm wondering about the potential impact of applying:

(pulled from previous posts - don't recall the original poster, but
thanks...)

HKLM\System\CurrentControlSet\Services\AFD\Parameters\DynamicBacklogGrow
thDelta Dword:A
HKLM\System\CurrentControlSet\Services\AFD\Parameters\EnableDynamicBackl

---------------------------------------------------------------------------
---------------------------------------------------------------------------

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]