|
Posted by rand007 on August 20, 2006, 7:23 am
Please log in for more thread options
Hi,
I am currently hardening windows 2003 server SP1 O.S according to "windows
server 2003 security guide" (version 2.1).
I noticed that there are some "MSS:" registry values that do not exist in
this guide and existed in the previous version, such as:
1. "MSS: (AFD EnableDynamicBacklog) Enable dynamic backlog for Winsock
applications (recommended)" and all other "AFD" settings.
2. "MSS: (EnablePMTUDiscovery) Allow automatic detection of MTU size
(possible DoS by an attacker using a small MTU)".
3. "MSS: (TCPMaxPortsExhausted) How many dropped connect requests to
initiate SYN attack protection (5 is recommended)".
All these settings look important (at leat to me).
Does anyone know the reason these setting do not exist anymore in the new
security guide?
--
RanD
| 
XML Sitemap