TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED]  Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

There seems to be at least one problem with these directions: the 3D
Pipes screen saver. OpenGL screen savers are notorious resource hogs,
and should never even be installed, hence not activated, on any NT
system that needs a secure console and does any background processing.
I have seen servers brought to their knees in this manner in the
past.

System Scanner is mentioned in the directions, I presume, because
this was what these directions were originally intended for. I'd say
a scan left to run on this system in screen saver mode wouldn't
finish even a small network for quite a while. RealSecure would
probably miss a lot of stuff like that.

My $.02 . . .

BTW, I've never tried the install without network, but I'm assuming
that the author of the original directions or the recent post has
tried it, so I'll go on faith with that one. It's about the same as
backing out the Server service after the fact. There are issues that
can arise with pesky dialogs and deletion of the Workstation service,
but I'm not sure how that relates to the method outlined below. I'll
give it a whirl as soon as I have need. I'll try anything once,
especially if it teaches me something. Thanx for the post!!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

R. Michael Williams, CISSP, CCNA, MCSE
Senior Network Consultant
Inacom Information Systems
Nashville, TN  


- -----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED]
Sent: Friday, March 24, 2000 12:05 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: NT 4.0 armoring prior to Real Secure installation




There was a thread on this issue 6 months ago.  Based on the
information I took the following steps to harden my NT RealSecure
Engines.  They have been running in this configuration for about 5
months.  I think the most important step in hardening the workstation
was NOT installing the NT Network.  RealSecure and the Console work
fine without being part of the network. I am willing to walk to the
computer room when I need to work with the engines.


reformat c:
change setup to boot from CD_ROM
cntl_alt_del;f2;alt P;
Boot from CD_ROM NT workstation CD
delete partition
create new partition: 2047
format partition using NTFS

Install NT4.

- - Setup Options: custom
- - Select Components: Accessories only
- - Network:Do not connect.
- - Overwrite newer files: yes
Interface Drivers
- - Control Panel; Network;
        

Install Service Pack 4 128 bit encryption
3 Install 3com Ethernet card "3com fast Etherlink XL NIC (3c905B-tx)"
        NT Network is not installed do you want to install: no
          tab: Adapters:add;have disk; 3cometherlink CD
          tab: protocols: add(button): select(window) tcp/ip
                Warning window if there is a DHCP server...;no(button).
                properties(button);

5 Remove unneeded stuff.
        control panel;add/remove
                remove
                music control
                outlook express
                microsoft wallet
                VDOLive Player
5. implement secure screen saver.
        control panel; display; screensaver(tab);3d pipes (window); password (check box);
                wait 15 minutes (drop box)
6. Implement protocol security
        control panel; network; no(button); protocols(tab);properties(button); advanced(button);
        enable security(check);configure (button);
                "TCP Ports"; permit only (check) add (button);
                        TCP port (window)"2998"; add (button)
                        TCP port (window)"901"; add (button).
                        TCP port (window) "80"; add (button)
                "UDP Ports"; permit only (check)
                "IP Protocols"; permit only (check) add (button);
                        IP Protocol (window)"6"; add (button)



8 Disable unneeded services
        services;tcp/ip netbios helper;startup;disable
9 Delete unneeded icons: mail & briefcase
        desktop highlight and delete.
10. Install run system scanner 1.1




-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.1 for non-commercial use <http://www.pgp.com>

iQA/AwUBON8OvVeNe+8UfuD4EQKoGwCeIV3ZHEg3eakIuicEiDtL4Wb09jAAoIOZ
8qhIqbDunjPl7hAEcVD4XepJ
=L1Cu
-----END PGP SIGNATURE-----
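
An added example, not part of either poster's message: a Python check that compares the "permit only" lists from step 6 of the quoted procedure with what is actually listening, so that services hidden by the filter but still running (candidates for step 8) and permitted ports with no listener both show up. The netstat listing, its addresses and the function names are constructed for illustration.

```python
import re

# "Permit only" lists from step 6 of the quoted procedure.
TCP_ALLOWED = {2998, 901, 80}
UDP_ALLOWED = set()   # "permit only" checked with no ports added: nothing permitted

# Constructed sample in the column layout of Windows `netstat -an` output.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:2998           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    10.0.0.5:139           0.0.0.0:0              LISTENING
  TCP    10.0.0.5:2998          10.0.0.9:1042          ESTABLISHED
  UDP    0.0.0.0:135            *:*
  UDP    10.0.0.5:137           *:*
"""

LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def listeners(netstat_text):
    """Yield (proto, local_address, port) for TCP LISTENING and bound UDP sockets."""
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                      # header or unrelated line
        proto, addr, port, _foreign, state = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue                      # established sessions are not listeners
        yield proto, addr, int(port)

def audit(netstat_text):
    """Return (listeners outside the permit lists, permitted TCP ports nobody listens on)."""
    allowed = {"TCP": TCP_ALLOWED, "UDP": UDP_ALLOWED}
    seen = {"TCP": set(), "UDP": set()}
    outside = []
    for proto, addr, port in listeners(netstat_text):
        if addr.startswith("127."):
            continue                      # loopback-only, not reachable from the wire
        seen[proto].add(port)
        if port not in allowed[proto]:
            outside.append((proto, addr, port))
    return outside, sorted(TCP_ALLOWED - seen["TCP"])

if __name__ == "__main__":
    outside, unused = audit(SAMPLE_NETSTAT)
    for proto, addr, port in outside:
        print(f"filtered but still running: {proto} {addr}:{port}")
    print("permitted TCP ports with no listener:", unused)
```

A listener in the first list is only masked by the port filter; disabling the service behind it removes the exposure if the filter is ever turned off or misapplied.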


