RE: information harvesting from within the network
From: D Adler (dadler_grd-secfoc_at_yahoo.com)
Date: 05/21/05
- Previous message: Steve Hillier: "RE: Security Issues involved with planning DR site & BC"
- Next in thread: Jason Lopez: "RE: information harvesting from within the network"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 20 May 2005 16:01:28 -0700 (PDT) To: ddjjembe 2 <ddjjembe2@hotmail.com>, security-basics@securityfocus.com
I would have to agree with Jason that a GPO is going
to be of little use to you. You'll be better off with
a IDS/IPS system that can shut down the network port
of the suspicious machine when it detects unusual
behavior . If you are a cisco shop, cisco is making
inroads in this direction. I am certain there are
other solutions available as well, I am just not as
familliar with them.
regards,
dave
--- "Beauford, Jason" <jbeauford@EightInOnePet.com>
wrote:
> Within a Windows Environment, I'd recommend using
> the Microsoft Baseline
> Security Analyzer to identify the weak links in your
> Windows deployment.
> Nice thing about it is it give you the MS
> recommended resolutions.
> Things like denying Anonymous Enumeration.
>
> As far as GPO's go, in a University environment,
> your networked PC's are
> most likely not part of the domain, but rather just
> College students and
> therefore your GPO's will have no effect on their
> particular units.
> However, you should deploy GPO's to lockdown those
> PC's within your
> domain.
>
> Again, the MS BSA tool will help you ID some issues
> and supply
> solutions.
>
>
http://www.microsoft.com/technet/security/tools/mbsahome.mspx
>
>
> If you need GPO recommendations, you can check
> Microsoft's site for
> Hardening Windows Clients in a Windows Server
> Environment, or there are
> NIST docs.
>
> Here are some links to get you going:
>
>
http://www.microsoft.com/smallbusiness/gtm/securityguidance/articles/sec
> _winxp_pro_server_env.mspx
>
>
http://www.microsoft.com/technet/security/smallbusiness/prodtech/windows
> 2000/sec_win2000_pro_server_env.mspx
>
>
http://csrc.nist.gov/publications/nistpubs/index.html
>
> Good Luck!
>
> -JMB
>
> -----Original Message-----
> From: ddjjembe 2 [mailto:ddjjembe2@hotmail.com]
> Sent: Thursday, May 19, 2005 10:40 PM
> To: security-basics@securityfocus.com
> Subject: information harvesting from within the
> network
>
>
> Background:
> I work in a university that has university typical
> security practices.
> Currently any authenticated user can scan the parts
> of the network with
> tools like LANguard or Nessus and obtain a
> considerable amount of
> information from them. Most of the computers in
> our network are
> windows
> computers. We also have departments with MACs and
> *nix machines.
>
> Goal:
> If possible, lock down the Windows computers with
> group policies and/or
> templates to disable this potential unauthorized
> information harvesting
> users and then restrict scanning ability to the
> security group with LDAP
>
> permissions. Am I on the right track here?
>
> I would like to achieve this without using a host
> based firewall.
>
> Group policies have large pool of settings to pick
> from. Narrowing it
> down
> to a few that disable at least portions would be
> appreciated.
>
> Thanks,
>
> ddjembe
>
>
_________________________________________________________________
> Don't just search. Find. Check out the new MSN
> Search!
>
http://search.msn.click-url.com/go/onm00200636ave/direct/01/
>
>
- Previous message: Steve Hillier: "RE: Security Issues involved with planning DR site & BC"
- Next in thread: Jason Lopez: "RE: information harvesting from within the network"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
