Re: TCP/IP Stack Hardening

From: Tod Beardsley (todb_at_planb-security.net)
Date: 12/20/03

Next message: Frank Knobbe: "RE: TCP/IP Stack Hardening"

Previous message: Jeffrey D. Hawley: "RE: FW: Local Security Policy"
In reply to: Hoffmann, Aran: "RE: TCP/IP Stack Hardening"
Next in thread: Frank Knobbe: "RE: TCP/IP Stack Hardening"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: focus-ms@securityfocus.com
Date: Fri, 19 Dec 2003 17:11:56 -0600

Hoffmann, Aran wrote:

> The results? Crappy network performance and file transfer timeouts
> but boy were we secure. As soon as we removed the hardening the
> network performance problems went away.

Systematic troubleshooting would have likely solved your timeout
problems. The majority of these keys won't have a lot of / any impact
on normal network performance, all things being equal. Incidentally,
changing some key defaults will not only quote-secure-unquote your
stack, but will also stymie pretty much every TCP-based OS
profiler/fingerprinter around. Which is cool.

-- 
"It's okay to yell 'fire' in a crowded theater
if the theater is actually on fire."
Tod Beardsley | www.planb-security.net
---------------------------------------------------------------------------
---------------------------------------------------------------------------

Next message: Frank Knobbe: "RE: TCP/IP Stack Hardening"

Previous message: Jeffrey D. Hawley: "RE: FW: Local Security Policy"
In reply to: Hoffmann, Aran: "RE: TCP/IP Stack Hardening"
Next in thread: Frank Knobbe: "RE: TCP/IP Stack Hardening"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]