That's a nice list of pointers. Also try iptables.org etc. to set up free firewalls, use PortSentry to listen & block ports, etc.
Your best friend is Google web & groups. Read, read, read.

Regards,
dp
----- Original Message -----
From: "Bejon Parsinia" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, March 22, 2002 12:03 AM
Subject: RE: win 2k

| Talk about a loaded question.
|
| First of all, make sure you have a firewall on your network with solid rules
| blocking all ports and allowing only the ones you need to access your
| network open. And then only to selected IP Addresses (via NAT). You may
| even want to consider rolling out software firewalls and make sure you have
| good AntiVirus software throughout your network.
|
| Then, scan your network with something like Nessus (www.nessus.org),
| LanGuard (www.gfi.com), or the Cisco Scanner (www.cisco.com *Commercial App
| running about $500). This should give you a fairly complete report of what
| is open on each device in terms of ports/services. Close up ports that you
| don't need.
|
| Don't stop there. Do a system by system audit (Servers and Workstations,
| they are all vulnerable). Document what software is running, what services
| are running. Then, get rid of anything that is unwanted or unneeded. You
| don't want to keep spending CPU cycles on something you don't use that can
| be a security threat.
|
| Now, in terms of a tool to use, I point you right back at the OS you are
| running. Sit down and think seriously about implementing stronger policies.
| The stronger they are, the harder you are to hack.
|
| A great book on the subject of securing Win2k is Hacking Windows 2000
| Exposed (www.hackingexposed.com). Read it, it will scare the hell out of
| you yet really help you lock down your network. Patch all OS'es with the
| latest SP's and Hotfixes. Stay on top of this for all servers AND
| WORKSTATIONS.
|
| Lastly, consider installing a program like Snort (www.snort.org) as a
| Network Intrusion Detection System (NIDS). These are usually implemented in
| front of the firewall, in a DMZ and behind the firewall. But at the very
| minimum, install one behind the firewall to see what traffic is on the local
| wire.
|
| A lot of work? Yes, securing a network often is. There is no one way to
| keep a system from being hacked. AND, with all I have suggested here, you
| can still be hacked. But this makes it much tougher.
|
| Good luck,
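
The scan-then-audit steps in the quoted message, as an added example that is not part of either poster's message: it compares the ports a scan reported open with a documented per-host baseline and lists what to close. The report format, addresses, service names and baseline are constructed for illustration; real scanner output would first be converted to this shape.

```python
from collections import defaultdict

# Constructed scan findings, one "host port/proto service" entry per line.
SCAN_REPORT = """\
10.0.0.5 80/tcp http
10.0.0.5 135/tcp msrpc
10.0.0.5 445/tcp microsoft-ds
10.0.0.5 3389/tcp terminal-services
10.0.0.20 139/tcp netbios-ssn
10.0.0.20 445/tcp microsoft-ds
10.0.0.99 21/tcp ftp
"""

# Constructed baseline: what the system-by-system audit says each host needs.
BASELINE = {
    "10.0.0.5": {"80/tcp", "443/tcp"},
    "10.0.0.20": {"445/tcp"},
}

def parse_report(text):
    """Return {host: {"port/proto": service}} from the report text."""
    found = defaultdict(dict)
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 2 or "/" not in parts[1]:
            raise ValueError(f"line {lineno}: unrecognised entry {line!r}")
        found[parts[0]][parts[1]] = parts[2] if len(parts) > 2 else "unknown"
    return dict(found)

def audit(found, baseline):
    """Compare observed open ports with the documented baseline."""
    result = {"close": {}, "not_seen": {}, "undocumented_hosts": []}
    for host, ports in sorted(found.items()):
        if host not in baseline:
            # A host nobody documented: every open port on it is flagged.
            result["undocumented_hosts"].append(host)
        extra = sorted(set(ports) - baseline.get(host, set()))
        if extra:
            result["close"][host] = extra
    for host, needed in sorted(baseline.items()):
        # Documented services the scan did not see: stale docs or an outage.
        missing = sorted(needed - set(found.get(host, {})))
        if missing:
            result["not_seen"][host] = missing
    return result

if __name__ == "__main__":
    print(audit(parse_report(SCAN_REPORT), BASELINE))
```

Re-running the comparison after each scan shows whether closed ports stay closed and whether new hosts have appeared without being documented.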