Security Basics mailing list archives
RE: Least privilege vs Windows server security
From: "dave kleiman" <dave () davekleiman com>
Date: Sun, 15 Jul 2007 02:58:14 -0400
>> For instance, here is an excerpt from a microsoft document I can no longer locate: <<

That is the server hardening chapter of the Securing Windows 2000 Server guide:
http://tinyurl.com/ah6ax

You can probably find an online version of the guide on MS TechNet.
Respectfully,
Dave Kleiman - http://www.davekleiman.com/about.php
-----Original Message-----
From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com] On
Behalf Of rmbarnesusa () bigfoot com
Sent: Friday, July 13, 2007 17:46
To: security-basics () securityfocus com
Subject: Re: Least privilege vs Windows server security
Have you tried to limit the RPC ports by editing the registry to some restricted subset of ports between 49152 and 65535?

For instance, here is an excerpt from a microsoft document I can no longer locate:

When limiting RPC traffic in your environment to a certain number of ports, the port range chosen should include ports over 50,000. This can be configured by setting the following registry settings:

The HKEY_LOCAL_MACHINE\Software\Microsoft\RPC\Internet key should be created if it does not already exist.

The HKEY_LOCAL_MACHINE\Software\Microsoft\RPC\Internet\Ports should be created and configured as a REG_MULTI_SZ with a value that represents the range of ports to be opened. For example, the value 57901-57950 will open 50 ports for the use of RPC traffic.

The HKEY_LOCAL_MACHINE\Software\Microsoft\RPC\Internet\PortsInternetAvailable should be created and configured as REG_SZ with a value of Y. The HKEY_LOCAL_MACHINE\Software\Microsoft\RPC\Internet\UseInternetPorts should be created and configured as REG_SZ with a value of Y.

After making the above changes to the Registry, the server should be restarted.

Note: These changes could affect performance and should be tested prior to implementing in production. The exact number of ports that will be opened will depend on the environment as well as the use and functionality of the server. Client logon times should be monitored. If logon performance is degraded, additional ports may need to be opened.

Here is another link in case you have not seen it. It appears fairly detailed:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/deploy/confeat/adrepfir.mspx

This worked for me at least until my regedit mysteriously disappeared after applying a Microsoft RPC patch. :-(
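The registry change quoted above, written out as an added PowerShell example (not from either poster): it validates the chosen range against the 49152-65535 dynamic range and the post's "over 50,000" advice before creating the three values, then reads them back so the setting can be recorded before the required reboot. The key path and the 57901-57950 range are the post's values; run it elevated.

```powershell
# Added example: apply and verify the RPC port-range restriction from the post.
$RpcKey = 'HKLM:\Software\Microsoft\RPC\Internet'
$Range  = '57901-57950'   # example value quoted in the post

# Check the range before touching the registry: it must parse as low-high,
# sit inside the dynamic range 49152-65535, and (per the post) lie above 50,000.
if ($Range -notmatch '^(\d+)-(\d+)$') { throw "Range must look like low-high, got '$Range'" }
$low  = [int]$Matches[1]
$high = [int]$Matches[2]
if ($low -gt $high -or $low -lt 49152 -or $high -gt 65535) {
    throw "Range $Range is reversed or outside 49152-65535"
}
if ($low -le 50000) { Write-Warning "Post recommends choosing ports above 50,000" }
Write-Output ("{0} ports will be reserved for RPC endpoints" -f ($high - $low + 1))

# Create the Internet key if absent, then set the three values the post lists.
if (-not (Test-Path $RpcKey)) { New-Item -Path $RpcKey -Force | Out-Null }
New-ItemProperty -Path $RpcKey -Name 'Ports' -PropertyType MultiString `
    -Value @($Range) -Force | Out-Null
New-ItemProperty -Path $RpcKey -Name 'PortsInternetAvailable' -PropertyType String `
    -Value 'Y' -Force | Out-Null
New-ItemProperty -Path $RpcKey -Name 'UseInternetPorts' -PropertyType String `
    -Value 'Y' -Force | Out-Null

# Read the values back; the change only takes effect after the restart the post requires.
Get-ItemProperty -Path $RpcKey |
    Select-Object Ports, PortsInternetAvailable, UseInternetPorts
```

After the reboot, a listening-port inventory (for example `Get-NetTCPConnection -State Listen`) taken before and after the change shows whether RPC endpoints moved into the chosen range and whether the count is large enough for logon traffic, as the post's note advises monitoring.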
Current thread:
- Least privilege vs Windows server security Dan Lynch (Jul 13)
- RE: Least privilege vs Windows server security Ackley, Alex (Jul 13)
- RE: Least privilege vs Windows server security Scott Ramsdell (Jul 16)
- <Possible follow-ups>
- Re: Least privilege vs Windows server security rmbarnesusa (Jul 13)
- RE: Least privilege vs Windows server security dave kleiman (Jul 17)
- Re: Least privilege vs Windows server security Bill Stout (Jul 23)
