Topic awaiting preservation: help with winxp security (Page 1 of 1)
Arthemis
Paranoid (IV) Inmate

From: Milky Way
Insane since: Nov 2001

posted 07-18-2005 08:06

Right, so what happened was this:

I used Belarc Advisor and it verified my computer to have a rather limited security level according to the Center for Internet Security.
I consulted the Center for Internet Security http://www.cisecurity.org/ and was confronted with the information that even though they were not supporting the recent versions of Windows XP Professional with their benchmarking tools, they nonetheless had available some .inf files, each for a different type of user.

After downloading, I tried the normal "right click -> install" on the .inf file, but that came to no result.
Some further reading and this came up: one had to import it with the administrative tool: Local Security Policy.
After an expected system warning that these policies could be overridden by group policies, the file was finally put to use.

Subsequently: a higher security mark on Belarc Advisor.

This was all fine and dandy, and I hope some of you can use this information.
Belarc Advisor can be found here: http://www.belarc.com/free_download.html


Now for the bad part:
The problem came when I tried to use p2p clients. I use eMule and LimeWire. They were fine before, but now they are downloading like snails. I don't know why. Browsers work fine, with high dl speeds. Online connection speed tests put my connection where it's supposed to be. I pretty much believe it has to do with the new security policies.


I'm running WinXP Professional SP2 | firewall: Sygate Professional | antivirus: Norton 2005
all of them fully updated



Waiting for advice.
Thanks in advance.

Arthemis
Paranoid (IV) Inmate

From: Milky Way
Insane since: Nov 2001

posted 07-18-2005 08:12

Here are the contents of the .inf file.

code:
; (c) Microsoft Corporation 1997-2000
;
; Security Configuration Template for Security Configuration Editor
;
; Template Name:        CIS-WinXP-Legacy-v1.0.1.inf
; Template Version:     1.0.1
;
; Revision History
; 1.0.0 - February 2004 Original Release.
; 1.0.1 - March 13, 2004 Changed SeDebug to "None".
;
; Designed for:		The Center for Internet Security - http://www.cisecurity.org
;
; Authors:		Jeff  Shawgo:  windows-feedback@cisecurity.org
;			Kerry Steele:  windows-feedback@cisecurity.org
;

[Unicode]
Unicode=yes

[Version]
signature="$CHICAGO$"
Revision=1


[System Access]
MinimumPasswordAge = 1
MaximumPasswordAge = 90
MinimumPasswordLength = 8
PasswordComplexity = 1
PasswordHistorySize = 24
LockoutBadCount = 50
ResetLockoutCount = 15
LockoutDuration = 15
ClearTextPassword = 0
LSAAnonymousNameLookup = 0
EnableGuestAccount = 0

[System Log]
MaximumLogSize = 16384
RestrictGuestAccess = 1

[Security Log]
MaximumLogSize = 81920
RestrictGuestAccess = 1

[Application Log]
MaximumLogSize = 16384
RestrictGuestAccess = 1

[Event Audit]
AuditSystemEvents = 1
AuditLogonEvents = 3
AuditObjectAccess = 3
AuditPrivilegeUse = 2
AuditPolicyChange = 1
AuditAccountManage = 3
AuditAccountLogon = 3

[Group Membership]
*S-1-5-32-555__Memberof =
*S-1-5-32-555__Members =
[Registry Values]
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionPipes=7,
MACHINE\Software\Microsoft\Driver Signing\Policy=3,1
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel=4,0
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateDASD=1,"2"
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount=1,"2"
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\PasswordExpiryWarning=4,14
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScRemoveOption=1,"1"
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD=4,0
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName=4,1
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaption=1,"Warning!"
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeText=7,This system is for the use of authorized users only.  Individuals using this computer system without authority,or in excess of their authority,are subject to having all of their activities on this system monitored and recorded by system personnel.  Anyone using this system expressly consents to such monitoring,and is advised that if such monitoring reveals possible evidence of criminal activity,system personnel may provide the evidence of such monitoring to law enforcement officials.
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ShutdownWithoutLogon=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,3
MACHINE\System\CurrentControlSet\Control\Lsa\NoDefaultAdminOwner=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM=4,1
MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown=4,1
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\AutoDisconnect=4,15
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableForcedLogOff=4,1
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature=4,1
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionShares=7,
MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnablePlainTextPassword=4,0
MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnableSecuritySignature=4,1
MACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity=4,2
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\DisablePasswordChange=4,0
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\MaximumPasswordAge=4,30
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal=4,0
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SealSecureChannel=4,1
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SignSecureChannel=4,1
MACHINE\Software\Microsoft\DrWatson\CreateCrashDump=4,0
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AEDebug\Auto=4,0
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun=4,255
USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun=4,255
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon=4,0
MACHINE\System\CurrentControlSet\Control\CrashControl\AutoReboot=4,0
MACHINE\System\CurrentControlSet\Services\CDrom\Autorun=4,0
MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters\AutoShareWks=4,0
MACHINE\System\CurrentControlSet\Services\MrxSmb\Parameters\RefuseReset=4,1
MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\DisableIPSourceRouting=4,2
MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\EnableDeadGWDetect=4,0
MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\EnableICMPRedirect=4,0
MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\EnablePMTUDiscovery=4,0
MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\KeepAliveTime=4,300000
MACHINE\System\CurrentControlSet\Services\Netbt\Parameters\NoNameReleaseOnDemand=4,1
MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\PerformRouterDiscovery=4,0
MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\SynAttackProtect=4,2
MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxHalfOpen=4,100
MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxHalfOpenRetired=4,80
MACHINE\System\CurrentControlSet\Services\IPSEC\NoDefaultExempt=4,1
MACHINE\System\CurrentControlSet\Services\Lanmanserver\Parameters\Hidden=4,1
MACHINE\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode=4,1
[Privilege Rights]
SeNetworkLogonRight = *S-1-5-32-545,*S-1-5-32-544
SeTcbPrivilege =
SeRemoteInteractiveLogonRight = *S-1-5-32-544
SeBackupPrivilege = *S-1-5-32-544
SeChangeNotifyPrivilege = *S-1-5-32-545
SeSystemtimePrivilege = *S-1-5-32-544
SeCreatePagefilePrivilege = *S-1-5-32-544
SeCreateTokenPrivilege =
SeCreatePermanentPrivilege =
SeDebugPrivilege =
SeDenyNetworkLogonRight = *S-1-5-32-546
SeRemoteShutdownPrivilege = *S-1-5-32-544
SeAuditPrivilege = *S-1-5-20,*S-1-5-19
SeIncreaseBasePriorityPrivilege = *S-1-5-32-544
SeLoadDriverPrivilege = *S-1-5-32-544
SeBatchLogonRight =
SeServiceLogonRight =
SeInteractiveLogonRight = *S-1-5-32-545,*S-1-5-32-544
SeSecurityPrivilege = *S-1-5-32-544
SeSystemEnvironmentPrivilege = *S-1-5-32-544
SeManageVolumePrivilege = *S-1-5-32-544
SeProfileSingleProcessPrivilege = *S-1-5-32-544
SeSystemProfilePrivilege = *S-1-5-32-544
SeUndockPrivilege = *S-1-5-32-545,*S-1-5-32-544
SeAssignPrimaryTokenPrivilege = *S-1-5-20,*S-1-5-19
SeRestorePrivilege = *S-1-5-32-544
SeShutdownPrivilege = *S-1-5-32-545,*S-1-5-32-544
SeTakeOwnershipPrivilege = *S-1-5-32-544
SeLockMemoryPrivilege =
[Registry Keys]
"USERS\.DEFAULT\Software\Microsoft\SystemCertificates\Root\ProtectedRoots",0,"D:PAR(A;CI;KA;;;BA)(A;CI;KA;;;SY)(A;CI;KR;;;BU)"
"MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers",0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)"
"MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities",0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)"
"MACHINE\SYSTEM\CurrentControlSet\Enum",0,"D:PAR(A;CI;KA;;;BA)(A;CI;KR;;;AU)(A;CI;KA;;;SY)"
"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies",0,"D:PAR(A;CI;KA;;;BA)(A;CI;KR;;;AU)(A;CI;KA;;;SY)"
"MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer",0,"D:PAR(A;CI;KA;;;BA)(A;CI;KA;;;SY)(A;CI;KR;;;BU)"
"MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit",0,"D:PAR(A;CI;KA;;;BA)(A;CI;KA;;;SY)(A;CI;KR;;;BU)"
[File Security]
"%SystemRoot%\system32\at.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)"
"%SystemRoot%\system32\attrib.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)"
"%SystemRoot%\system32\cacls.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)"
"%SystemRoot%\system32\debug.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)"
"%SystemRoot%\system32\drwatson.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)"
"%SystemRoot%\system32\drwtsn32.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)"
"%SystemRoot%\system32\edlin.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;IU)(A;OICI;FA;;;SY)"
"%SystemRoot%\system32\eventcreate.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)"
"%SystemRoot%\system32\eventtriggers.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)"
"%SystemRoot%\system32\ftp.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;IU)(A;OICI;FA;;;SY)"
"%SystemRoot%\system32\net.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;IU)(A;OICI;FA;;;SY)"
"%SystemRoot%\system32\net1.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;IU)(A;OICI;FA;;;SY)"
"%SystemRoot%\system32\netsh.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)"
"%SystemRoot%\system32\rcp.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)"
"%SystemRoot%\system32\reg.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)"
"%SystemRoot%\regedit.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)"
"%SystemRoot%\system32\regedt32.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)"
"%SystemRoot%\system32\regsvr32.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)"
"%SystemRoot%\system32\rexec.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)"
"%SystemRoot%\system32\rsh.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)"
"%SystemRoot%\system32\runas.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;IU)(A;OICI;FA;;;SY)"
"%SystemRoot%\system32\sc.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)"
"%SystemRoot%\system32\subst.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)"
"%SystemRoot%\system32\tlntsvr.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)"
"%SystemRoot%\system32\telnet.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;IU)(A;OICI;FA;;;SY)"
"%SystemRoot%\system32\tftp.exe",0,"D:PAR(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;IU)(A;OICI;FA;;;SY)"
[Service General Setting]
Alerter,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
ClipSrv,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
MSFtpsvc,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
IISADMIN,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
Messenger,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
mnmsrvc,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
RDSessMgr,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
RemoteAccess,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
SMTPSVC,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
SNMP,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
SNMPTRAP,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
TlntSvr,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
W3SVC,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
[Profile Description]
Description=Center for Internet Security Windows XP Legacy Security - v1.0.1 Windows XP Professional



Note: The firewall is properly configured. I changed from Norton 2003 to 2005 recently, but had the same problem with the old one, even though Norton 2005 is much more restrictive.

Arthemis
Paranoid (IV) Inmate

From: Milky Way
Insane since: Nov 2001

posted 07-20-2005 00:17

I have been given hell because I posted the exact same request for help on annoyances.org. Please don't tell me you also have a problem with the word p2p.

jdauie
Bipolar (III) Inmate

From: Missoula, MT
Insane since: Jan 2003

posted 07-20-2005 00:56

Arthemis: Your problem is likely within the TCPIP key. I don't know more specifically what the issue is, because I am not familiar with how eMule/LimeWire in particular transfer data at that level. Try increasing the number of allowed SYN-RCVD connections before SYN flood protection is enabled.
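As an added example (not code from this thread or from CIS), here is a small Python script that parses the [Registry Values] section of a secedit .inf template in the format Arthemis posted and pulls out the Tcpip\Parameters entries that jdauie's advice concerns. The template excerpt is constructed from a few lines of the posted file, and the one-line interpretation notes are my own reading of those Windows XP settings.

```python
# Constructed excerpt in the template's "path=type,data" line format.
TEMPLATE_EXCERPT = r"""
[Registry Values]
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionPipes=7,
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount=1,"2"
MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\SynAttackProtect=4,2
MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxHalfOpen=4,100
MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxHalfOpenRetired=4,80
MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\EnablePMTUDiscovery=4,0
[Privilege Rights]
SeDebugPrivilege =
"""
# secedit type codes are the standard registry value types.
REG_TYPES = {"1": "REG_SZ", "3": "REG_BINARY", "4": "REG_DWORD", "7": "REG_MULTI_SZ"}
TCPIP_PREFIX = "MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\"
# What each value in the posted template means for a host holding many connections.
TCPIP_NOTES = {
    "SynAttackProtect": "0 off, 1 limited, 2 full: a connection is not handed to the "
                        "application until the three-way handshake completes",
    "TcpMaxHalfOpen": "SYN-RCVD connections allowed before protection engages",
    "TcpMaxHalfOpenRetired": "retransmitted SYN-RCVD connections allowed before it engages",
    "EnablePMTUDiscovery": "0 disables path MTU discovery (576-byte MTU to non-local hosts)",
}

def parse_registry_values(text):
    """Return {registry path: (type name, decoded data)} from [Registry Values]."""
    values, in_section = {}, False
    for line in (ln.strip() for ln in text.splitlines()):
        if line.startswith("["):            # section header
            in_section = line == "[Registry Values]"
        elif in_section and line and not line.startswith(";"):
            path, _, rest = line.partition("=")
            code, _, data = rest.partition(",")  # "4,2" -> type code 4, data "2"
            kind = REG_TYPES.get(code, "UNKNOWN")
            if kind == "REG_DWORD":
                decoded = int(data)
            elif kind == "REG_MULTI_SZ":
                decoded = [s for s in data.split(",") if s]  # empty list = no entries
            else:
                decoded = data.strip('"')
            values[path] = (kind, decoded)
    return values

def tcpip_settings(values):
    """Pick out the Tcpip\\Parameters entries as {name: (data, note)}."""
    found = {}
    for path, (_, data) in values.items():
        if path.startswith(TCPIP_PREFIX):
            name = path[len(TCPIP_PREFIX):]
            found[name] = (data, TCPIP_NOTES.get(name, "no note"))
    return found
```

Running `tcpip_settings(parse_registry_values(open("CIS-WinXP-Legacy-v1.0.1.inf").read()))` against the real file lists every TCP/IP stack value the template would set, so you can compare them with the Windows defaults before importing it.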

jdauie
Bipolar (III) Inmate

From: Missoula, MT
Insane since: Jan 2003

posted 07-20-2005 00:57

[ double post: network problems on my end :) ]

(Edited by jdauie on 07-20-2005 00:58)

Arthemis
Paranoid (IV) Inmate

From: Milky Way
Insane since: Nov 2001

posted 07-21-2005 09:52

Thank you.

I'll give some feedback on the results later.

~this is not a signature~

Arthemis
Paranoid (IV) Inmate

From: Milky Way
Insane since: Nov 2001

posted 07-21-2005 11:42

Well, I investigated a bit and then changed the registry SynAttack value, first to 1 (limited protection), and then to 0 (no protection).
I got no result. Probably one of the other settings up there is to blame.

I read a bit more about security settings and figured out how to apply the templates that come with Windows. And to a lower level too =P. Then I applied the one for default settings.

As a result I got back to my insecure settings, but now the connections seem normal.

Of all the sites I consulted, here's one that sums up the information: http://www.net-security.org/article.php?id=732

Now for a question: do you know of any website that provides security templates? This one I posted is obviously directed at workstations, and not at home users. And I'm not inclined to go with the ones provided with Windows.
