registry security settings

hi, i was looking up some registry setting i want to change and i found this post with one i was looking up. are these all safe to use? thanks.

http://www.governmentsecurity.org/forum/index.php?showtopic=6526

edit, i mean on a standalone PC, thanks

 

Well, I do not know if it´s safe to perform these actions, but I do know that you can make an OS much safer with registry tweaks, and some of these tweaks are already performed by Samurai and SafeXP I think.

 

they mostly look good to me, but i don't trust just my opinion, i'm fairly good at missing things. plus i don't understand them all : [

 

You'd have to go and do some individual searching to get these answer's Ice ....

The main article's here ....

xxxx://www.microsoft.com/technet/security/topics/networksecurity/legsgch3.mspx

This one's for Win2K and NT with an XP link out ....

xxxx://support.microsoft.com/kb/120642/EN-US/

Good find buddy! Would have been nice for RELiC to reference these.


GF

 

thanks GF, i'll look them up. when i got that list i saw it's also at another site i'm a member of, i might go and ask there too.

 

Hi Iceni60,

I took a look at the site. Wow! Lots of registry updates or changes. My machine is a stand alone, broadband, XP SP2 Home, with a router. Is this similar to your setup? And how many & which registry changes did you confirm (like the sites suggestion) & or change to match the suggested. Are any not advised? Is your system safer from malware, because of the changes recommended? Do you use PG or RD? As perhaps some of the changes may not be applicable or un-necessary with those apps.? Cat like curiosity, has me itching, or should i say scratching to play with the registry. Also i'm sure you know about erunt, did you use this or similar, safety net?

Take Care
rico

 

hi, Rico yes we have a similar setup. the registry tweaks are mainly for servers and wireless setups, but still useful for a standalone PC. they help lockdown security flaws in the TCP/IP Protocol Suite so it's harder for someone to crack your computer. i'm not sure about viruses and other malware though, they're not really my thing.

disallow fragmented IP
i'm not sure about IP fragments, while it can be used to crash your PC, if you disallow the fragments i think the packets are dropped and you receive a timeout.

enabling TCP/IP-Filtering
i'm not sure about enabling TCP/IP-Filtering. you can do this outside the registry, go -

Control Panel>Network Connections>your connection setting>Highlight - Internet Protocol (TCP/IP)>Properties>Advanced>Options Tab>Properties.

there you can specify which protocols can use which ports. you can find this out by looking through your FW rules.

disallow forward of fragmented IP-Pakets [sic]
i don't know about this, i think it would only be useful for computers you are connected to and not you. unless there's an exploit that gets you to send these packets to someone trying to take over your PC i don't know

Fix for MS DNS Compatibility with BIND versions earlier than 4.9.4
i wouldn't worry about this one unless i am misunderstanding something, it seems abit odd. although it was probably relevant at the time, i just checked when the post was posted.

it's a really good post by RELiC. i think GF was going to look though the list, but we'll have to wait and see. i haven't changed anything yet. i want to go through the list and apply the things i need, and which are still up to date. i'll let you know what i do.