AntiOnline Spotlight: Hardening the Windows TCP/IP Stack
February 25, 2005
If you're running a Windows-heavy IT department, you have undoubtedly endured countless ribbings from your open-source enthusiast friends. Linux, by virtue of its "for all to see" underpinnings, is so secure, flexible, extensible, blah, blah, blah...
Don't let those Linux-savvy colleagues hold it over your head. You can configure a nearly impenetrable Windows server, even without access to the kernel.
All it takes is a registry editor.
In this tutorial from newcomer guardian alpha, Windows admins will learn how to dive into the registry and harden the operating system's TCP/IP stack to make it immune to SYN-based floods and DoS attacks.
A word of caution before you dive in: back up your registry! Now, with that out of the way, it's time to get started...
Note: The opinions expressed below are solely those of the individual posters on the AntiOnline forums.
...after reading proper white-page documentation and experimentation you learn that you can alter the Windows kernel just like Linux/BSD kernel module configuration files. Through vi'ing .config scripts to pico'ing module options, the Linux kernel has shown an amazing ability to become continually flexible in terms of usability and security.
And while not as well documented, Windows allows you a very similar level of security flexibility. How? The Registry. While many scoff and stomp at the thought of having to sort and filter through what many see as a Byzantine maze, the Windows registry can be likened to a combination of the kernel module configuration tree and /etc combined. In other words, it has the capability to control both kernel usability and 3rd party program configurations, all within nice and neat little cubbyholes.
You might be itching to get started but the following warning deserves your attention:
Note: Editing the registry always involves a certain amount of risk, especially if you typo a new key. I've done my best to ensure that these work without a hitch, but back up your registry before making any changes to it! You can back up the registry by going into your start menu, choosing 'Run..', entering the program name: regedit.exe, highlighting the My Computer field on the left-side pane, and then opening the File menu and choosing Export. Save it to a floppy, email it to an address you can reach later. But make sure you've backed it up!
Now it's time to get our hands dirty.
SYN Flood and other SYN-based DoS protections
Attack Description: To quote ISS: "The SYN flood attack sends TCP connection requests faster than a machine can process them." As for the other minor SYN attacks, those will be explained per fix.
Prevention Description: We need to place a delay on the speed at which the SYN/ACK handshake can be tried over and over. This property has three registry options: 0, which offers no form of protection or delay; 1, which will limit the number of SYN retry attempts when the maximum number of open TCP connections and retries has been met; and finally 2, which is very similar to option 1 but with the additional feature of delaying WinSock notifications until the three-way handshake involving the offending SYN process is completed. Option 2 is going to offer the most benefit for protecting against SYN flood attacks.
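The two steps the post describes, the registry backup and the SYN-protection setting, carried out in PowerShell as an added example; this is not the poster's own code. It assumes an elevated prompt on a Windows 2000/Server 2003-era TCP/IP stack, where the value the post is describing is the REG_DWORD SynAttackProtect under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters and the levels 0, 1 and 2 behave as the post states; the backup directory and file naming are arbitrary choices. One caveat worth knowing before running it: on Windows Vista/Server 2008 and later the rewritten stack keeps SYN-attack protection enabled and no longer honours this value, so the script only makes sense on the older systems the post was written for.

```powershell
# Added example (not from the original post): back up the Tcpip\Parameters key,
# then set SynAttackProtect to the chosen level and read it back to verify.
# Assumptions (labelled): elevated shell, Windows 2000/2003-era stack where the
# value is honoured; $BackupDir is an arbitrary location chosen for this example.

param(
    [ValidateSet(0, 1, 2)]
    [int]$Level = 2,                                  # 2 = delay Winsock notification, the post's pick
    [string]$BackupDir = "$env:SystemDrive\RegBackup" # arbitrary choice for this example
)

$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'  # PowerShell drive form
$RegKey  = 'HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'   # reg.exe form
$Name    = 'SynAttackProtect'

# 1. Back up the key before touching it, as the post insists. reg.exe export
#    writes a .reg file that 'reg import' (or a double-click) restores.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$Stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$Backup = Join-Path $BackupDir "Tcpip-Parameters-$Stamp.reg"
& reg.exe export $RegKey $Backup /y | Out-Null
if ($LASTEXITCODE -ne 0 -or -not (Test-Path $Backup)) {
    throw "Registry backup failed; not touching $Name."
}
Write-Host "Backup written to $Backup"

# 2. Record the current value. On a default install the value is absent, which
#    behaves like level 0 (no SYN-attack protection).
$Before = (Get-ItemProperty -Path $KeyPath -Name $Name -ErrorAction SilentlyContinue).$Name
if ($null -eq $Before) { $Before = '<not set>' }
Write-Host "$Name before: $Before"

# 3. Write the DWORD. Set-ItemProperty creates the value if it does not exist yet.
Set-ItemProperty -Path $KeyPath -Name $Name -Value $Level -Type DWord

# 4. Read it back instead of trusting the write: a typo in $Name or $KeyPath would
#    silently create a different value that the stack ignores.
$After = (Get-ItemProperty -Path $KeyPath -Name $Name).$Name
if ($After -ne $Level) {
    throw "Verification failed: $Name reads '$After', expected $Level. Restore with: reg import `"$Backup`""
}
Write-Host "$Name now: $After (a reboot is needed before the TCP/IP stack uses it)"
```

Run it as `.\Set-SynAttackProtect.ps1 -Level 2` (any file name will do) and keep the printed backup path; `reg import <that file>` puts the key back exactly as it was if the change needs to be undone. The read-back in step 4 is the check the post's warning is really about: regedit will happily accept a misspelled value name, and nothing else will tell you the setting is not in effect.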