Re: OS Fingerprinting Prevention

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 06/24/05


Date: Thu, 23 Jun 2005 23:48:31 -0500

Firewalls will help and Windows 2003 has a built in firewall with the SP1
firewall being much more configurable. This should not be happening from
outside your network if your perimeter firewall is configured correctly.
Ipsec require policy that does not respond to non ipsec traffic would also
prevent such from computers that do not have a compatible ipsec policy
enabled. Ipsec configuration however is not trivial, requires exceptions for
domain controllers, and must be tested thoroughly before rolled out. If
other security measures are in place on your network such as requirement for
strong passwords, prompt management of security patches, concept of least
needed privilege applied for permissions and user rights, reviewing the
security logs, and hardening of the operating system then the threat from OS
fingerprinting is minimized.

Windows 2003 also has many security options to restrict access from
anonymous access that can also reduce what info scans can acquire. Refer to
the Windows 2003 Server Security Guide and the Threats and Countermeasure
Guide for more information on security options and what levels to use in
different network environments. --- Steve

http://www.microsoft.com/technet/security/prodtech/windowsserver2003/W2003HG/SGCH00.mspx
 --- Windows 2003 Security Guide
http://www.microsoft.com/technet/security/default.mspx --- TechNet
Security

"SunRace" <SunRace@discussions.microsoft.com> wrote in message
news:6370E272-3C31-4119-97E5-15314FD5E49D@microsoft.com...
> Hello,
>
> Is there any way to prevent OS fingerprinting scans on Windows 2003?
>



Relevant Pages

  • Re: Guide to secure installtion of IIS 5
    ... don't forget a well-configured firewall. ... Do not put the computer onto the network or the Internet until after the ... Follow the instructions for hardening Windows and IIS at ... Install all service packs and security fixes from Microsoft and otherwise ...
    (microsoft.public.inetserver.iis.security)
  • Re: The Myth of the secure Mac
    ... You are screwed only if you use Outlook. ... >> 1) You fail to apply necessary recommended security patches after ... >> 3) In the case of a firewall, ... >> attached as common Windows files) Make sure this Junk Mail is moved to ...
    (comp.sys.mac.advocacy)
  • Re: Antivirus Programs
    ... Shenan-you wrote an excellent security book. ... >> May I install Norton AntiVirus and McAfee Security on my ... > Windows is not the only product you likely have on your PC. ... You should at least turn on the built in firewall. ...
    (microsoft.public.windowsxp.newusers)
  • Re: Microsoft Windows Network & Web Client Network - somebody connected to my computer?
    ... I use Windows XP. ... Doing the best I can at absorbing the necessary information about security. ... > UPDATES and PATCHES ... You should at least turn on the built in firewall. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Security for 64 bit Vista Laptop
    ... Windows Defender is enabled, as is Windows firewall. ... I'd like to address strong security. ... Understanding and Configuring User Account Control in Windows Vista. ... Internet Explorer Enhanced Security Configuration changes the browsing ...
    (microsoft.public.windows.vista.security)