Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Download
Standard view
Full view
of .
Save to My Library
Look up keyword
Like this
1Activity
0 of .
Results for:
No results containing your search query
P. 1
Registry Tweaks Related to Network

Registry Tweaks Related to Network

Ratings: (0)|Views: 445|Likes:
Published by Hamami InkaZo
Registry Tweaks Related to Network
Registry Tweaks Related to Network

More info:

Published by: Hamami InkaZo on Aug 20, 2011
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as DOCX, PDF, TXT or read online from Scribd
See more
See less

08/20/2011

pdf

text

original

 
I havn't seen much on
Registry Security
so i took the time out to put something together:
Important!
Learn the registry-settings, before enabling/disabling them.These registry tweaks are for 
Windows NT4, Windows 2000
and
Windows XP.
 
disabling IP Forwarding
 
[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS]"IPENABLEROUTER"=DWORD:00000000
disallow fragmented IP
 
[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\IPFILTERDRIVER\PARAMETERS]"ENABLEFRAGMENTCHECKING"=DWORD:00000001
disabling ICMP-Redirect
 
[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS]"ENABLEICMPREDIRECTS"=DWORD:00000000
enabling TCP/IP-Filtering
 
[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS]"ENABLESECURITYFILTERS"=DWORD:00000001
disallow forward of fragmented IP-Pakets
 
[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\IPFILTERDRIVER\PARAMETERS]"DEFAULTFORWARDFRAGMENTS"=DWORD:00000000
restart if Evenlog fails
 
[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\LSA]"CRASHONAUDITFAIL"=DWORD:00000001
Winsock Protection
 
[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\AFD\PARAMETERS]"ENABLEDYNAMICBACKLOG"=DWORD:00000020"MAXIMUMDYNAMICBACKLOG"=DWORD:00020000"DYNAMICBACKLOGGROWTHDELTA"=DWORD:00000010
D
enial-of-Service Protection
 
[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS]
 
"SYNATTACKPROTECT"=DWORD:00000002"TCPMAXDATARETRANSMISSIONS"=DWORD:00000003"TCPMAXHALFOPEN"=DWORD:00000064"TCPMAXHALFOPENRETRIED"=DWORD:00000050"TCPMAXPORTSEXHAUSTED"=DWORD:00000001"TCPMAXCONNECTRESPONERETRANSMISSIONS"=DWORD:00000002"ENABLEDEADGWDETECT"=DWORD:00000000"ENABLEPMTUDISCOVERY"=DWORD:00000000"KEEPALIVETIME"=DWORD:00300000"ALLOWUNQUALIFIEDQUERY"=DWORD:00000000"DISABLEDYNAMICUPDATE"=DWORD:00000001
D
isable Router-
D
iscovery
 
[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES]"PERFORMROUTERDISCOVERY"=DWORD:00000000
D
isabling
D
omainMaster
 
[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BROWSER\PARAMETERS]"MAINTAINSERVERLIST"="No""ISDOMAINMASTER"="False"
D
isable Netbios-Name exposing
 
[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\NETBT\PARAMETERS]"NONAMERELEASEONDEMAND"=DWORD:00000001
Fix for MS
D
NS Compatibility with BIN
D
versions earlier than 4.9.4
 
[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DNS\PARAMETERS]"BINDSECONDARIES"=DWORD:00000001
disabling Caching of Logon-Credentials (possible also with USRMGR.EXE)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON]"CACHEDLOGONCOUNT"=DWORD:00000001
disabling IP-Source-Routing
 
[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS]"DISABLEIPSOURCEROUTING"=DWORD:0000001
allow only MS CHAP v2.0 for VPN connections
 
 
[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\RASMAN\PPP]"SECUREVPN"=DWORD:00000001
disabling caching of RAS-Passwords
 
[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\RASMAN\PARAMETERS]"DISABLESAVEPASSWORD"=DWORD:00000001
Printerinstallation only by Admins/Print Operators
 [HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\PRINT\PROVIDERS\LANMANPRINT SERVICES\SERVERS]"ADDPRINTDRIVERS"=DWORD:00000001
disabling Administrative Shares NT4.0 Server ($c, $d, $e etc)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\LANMANSERVER\PARAMETERS]"AUTOSHARESERVER"=DWORD:00000000
disabling Administrative Shares NT4.0 Workstation ($c, $d, $e etc)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\LANMANSERVER\PARAMETERS]"AUTOSHAREWKS"=DWORD:00000000
allow only authenicated PPP Clients
 
[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\RASMAN\PPP]"FORCEENCRYPTEDPASSWORD"=DWORD:00000002
enabling RAS-Logging
 
[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\RASMAN\PARAMETERS]"LOGGING"=DWORD:00000001
disabling NTFS 8.3 Namegeneration
 
[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\FILESYSTEM]"NTFSDISABLE8DOT3NAMEGENERATION"=DWORD:00000001
disallow anonymous IPC-Connections
 

You're Reading a Free Preview

Download
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->