[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] FW-1 SPs
On Thu, Dec 07, 2000 at 02:23:24PM -0000, Thornton, Richard wrote: : I was wondering if anyone knew of the availability of Service Pack 7 for NT, : reason being I want to install a firewall-1 server based on NT but am : worried at the amount of hotfixes that may need to be applied to a sp6a : machine to make it secure. Just apply SP6a, and then be *smart* about what you leave running on the machine. MCSE's cringe when I tell what you should remove, but the box will continue to run just fine && dandy. Don't listen to them when they say the box won't work right any longer. This is a firewall we're talking about, not a file server - you don't care if the FW shows up in the Network Neighborhood. 1) Get into the Network Properties, go to the Services tab and remove everything except for (optionally) SNMP. If you don't care if the FW-1 Monitor application works or not, remove that too. The services you want gone are: Netbios Interface Workstation Server RPC Configuration Computer Browser 2) In Control Panel -> Devices, kill the WINS Client (disable) 3) In Control Panel -> Services, kill the TCP/IP Netbios helper (disable) Now, when you go into network properties, you will get a message that says "Windows NT Networking is not installed, would you like to install it?" You should ALWAYS answer "No." Why would you do this? Most of the vulnerabilities for NT are either NetBIOS related, or related to some other service that you don't need to run a firewall. If those services aren't there, you can't exploit them, right? -- Jason Costomiris <>< | Technologist, geek, human. jcostom {at} jasons {dot} org | http://www.jasons.org/ Quidquid latine dictum sit, altum viditur. ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|