registry security settings

Discussion in 'other security issues & news' started by iceni60, Oct 1, 2005.

Thread Status:
Not open for further replies.
  1. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Well, I do not know if it´s safe to perform these actions, but I do know that you can make an OS much safer with registry tweaks, and some of these tweaks are already performed by Samurai and SafeXP I think. :)
     
  3. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    they mostly look good to me, but i don't trust just my opinion, i'm fairly good at missing things. plus i don't understand them all : [
     
  4. You'd have to go and do some individual searching to get these answer's Ice ....

    The main article's here ....

    xxxx://www.microsoft.com/technet/security/topics/networksecurity/legsgch3.mspx

    This one's for Win2K and NT with an XP link out ....

    xxxx://support.microsoft.com/kb/120642/EN-US/

    Good find buddy! ;) Would have been nice for RELiC to reference these.


    GF
     
  5. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    thanks GF, i'll look them up. when i got that list i saw it's also at another site i'm a member of, i might go and ask there too.
     
  6. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,699
    Location:
    Texas
    Hi Iceni60,

    I took a look at the site. Wow! Lots of registry updates or changes. My machine is a stand alone, broadband, XP SP2 Home, with a router. Is this similar to your setup? And how many & which registry changes did you confirm (like the sites suggestion) & or change to match the suggested. Are any not advised? Is your system safer from malware, because of the changes recommended? Do you use PG or RD? As perhaps some of the changes may not be applicable or un-necessary with those apps.? Cat like curiosity, has me itching, or should i say scratching to play with the registry. Also i'm sure you know about erunt, did you use this or similar, safety net?

    Take Care
    rico
     
  7. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    hi, Rico :) yes we have a similar setup. the registry tweaks are mainly for servers and wireless setups, but still useful for a standalone PC. they help lockdown security flaws in the TCP/IP Protocol Suite so it's harder for someone to crack your computer. i'm not sure about viruses and other malware though, they're not really my thing.

    disallow fragmented IP
    i'm not sure about IP fragments, while it can be used to crash your PC, if you disallow the fragments i think the packets are dropped and you receive a timeout.

    enabling TCP/IP-Filtering
    i'm not sure about enabling TCP/IP-Filtering. you can do this outside the registry, go -

    Control Panel>Network Connections>your connection setting>Highlight - Internet Protocol (TCP/IP)>Properties>Advanced>Options Tab>Properties.

    there you can specify which protocols can use which ports. you can find this out by looking through your FW rules.

    disallow forward of fragmented IP-Pakets [sic]
    i don't know about this, i think it would only be useful for computers you are connected to and not you. unless there's an exploit that gets you to send these packets to someone trying to take over your PC o_O i don't know :(

    Fix for MS DNS Compatibility with BIND versions earlier than 4.9.4
    i wouldn't worry about this one :D unless i am misunderstanding something, it seems abit odd. although it was probably relevant at the time, i just checked when the post was posted. :)

    it's a really good post by RELiC. i think GF was going to look though the list, but we'll have to wait and see. i haven't changed anything yet. i want to go through the list and apply the things i need, and which are still up to date. i'll let you know what i do.
     
Loading...
Thread Status:
Not open for further replies.