RE: Binding Windows Services to Specific Addresses Only



Hi Chris,

You best bet is to start here:

http://www.cisecurity.org/


That'll give you both templates based on best practice and a scoring tool to
sink your teeth into. There is indeed plenty more you can do, depending on
your environment, to harden Windows systems.

Obviously once deployed, you should also have a patching policy. AV and
HIDS are good. Proper change management, build policy, admin restriction,
etc. are the other "soft" bit that keep it the way you designed it.







alan


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On
Behalf Of Christian Koerner
Sent: 04 May 2008 00:13
To: focus-ms@xxxxxxxxxxxxxxxxx
Subject: Binding Windows Services to Specific Addresses Only

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hello everybody!

When it comes to Windows hardening and in specific restricting Windows'
services, the only suggestions that I've found so far are:
*) disable unnecessary services
*) restrict network access through packet filtering

What else can be done and isn't it possible to bind Windows' services to a
specific address/interface, e.g. LAN.

Thanks in advance
Chris




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIHPGV6rqywW28g1IRAohNAKCQ9vfcx/N5vRr0bbbiBityYayO4wCgottt
+JClyFFafYzq0ojEA0AfS1c=
=2nbF
-----END PGP SIGNATURE-----

Attachment: smime.p7s
Description: S/MIME cryptographic signature



Relevant Pages