RE: TCP/IP Stack Hardening
From: dave kleiman (dave_at_isecureu.com)
Date: 12/21/03
- Previous message: Scott Cleven-Mulcahy: "RE: FW: TCP/IP Stack Hardening"
- In reply to: Hoffmann, Aran: "RE: TCP/IP Stack Hardening"
- Next in thread: Scott Cleven-Mulcahy: "RE: FW: TCP/IP Stack Hardening"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <focus-ms@securityfocus.com> Date: Sun, 21 Dec 2003 01:54:12 -0500
James,
I posted this a while back (but I think it was on iislists) maybe that is
the one you are referring too. My old e-mail was dave@netmedic.net.
We have most of those on all of our servers, epically if they are in the DMZ
with absolutely no degradation in performance. Maybe Aran just applied them
improperly.
If you actually take the time to read and understand what each one does,
many of them would increase performance.
I will not waste the list time with a play by play but you can read some of
them at: http://support.microsoft.com/default.aspx?scid=kb;en-us;120642
_______________________________
Dave Kleiman, CISSP, MCSE, CIFI
dave@isecureu.com
www.SecurityBreachResponse.com
"High achievement always takes place in the framework of high expectation."
Jack Kinder
-----Original Message-----
From: Hoffmann, Aran [mailto:AHoffmann@cta.net]
Sent: Friday, December 19, 2003 15:12
To: focus-ms@securityfocus.com
Subject: RE: TCP/IP Stack Hardening
I used to work in a data center with high security requirements and we
applied all the referenced tcp/ip hardening to our Win2k servers. The
results? Crappy network performance and file transfer timeouts but boy were
we secure. As soon as we removed the hardening the network performance
problems went away.
-----Original Message-----
From: James Bowman [mailto:jim@drexel.edu]
Sent: Friday, December 19, 2003 9:03 AM
To: focus-ms@securityfocus.com
Subject: TCP/IP Stack Hardening
Wondering if anyone has experienced issues after hardening the TCP/IP stack
under Win2K server?
Specifically, I'm wondering about the potential impact of applying:
(pulled from previous posts - don't recall the original poster, but
thanks...)
HKLM\System\CurrentControlSet\Services\AFD\Parameters\DynamicBacklogGrow
thDelta Dword:A
HKLM\System\CurrentControlSet\Services\AFD\Parameters\EnableDynamicBackl
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Previous message: Scott Cleven-Mulcahy: "RE: FW: TCP/IP Stack Hardening"
- In reply to: Hoffmann, Aran: "RE: TCP/IP Stack Hardening"
- Next in thread: Scott Cleven-Mulcahy: "RE: FW: TCP/IP Stack Hardening"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
