Posted by Roger Abell [MVP] on August 25, 2006, 12:19 am
I keep meaning to find "previous version" to compare and see whether
you mean v1.0 of the 2k3, or you mean the 2k guide.
I know the stack had work, and that a couple of those settings can be
performance intense.
> Hi,
>
> I am currently hardening Windows 2003 Server SP1 O.S according to
> "Windows Server 2003 Security Guide" (version 2.1).
>
> I noticed that there are some "MSS:" registry values that do not exist in
> this guide and existed in the previous version, such as:
> 1. "MSS: (AFD EnableDynamicBacklog) Enable dynamic backlog for Winsock
> applications (recommended)" and all other "AFD" settings.
> 2. "MSS: (EnablePMTUDiscovery) Allow automatic detection of MTU size
> (possible DoS by an attacker using a small MTU)".
> 3. "MSS: (TCPMaxPortsExhausted) How many dropped connect requests to
> initiate SYN attack protection (5 is recommended)".
>
> All these settings look important (at least to me).
>
> Does anyone know the reason these settings do not exist anymore in the new
> security guide?
>
> --
> RanD
>