XP Pro Sec TCP/IP, Services -w- Hash rules

Really need some help here and I am interested in the field.

These questions are in regard to a standalone system.  There is no MS
Windows Server 2003 (etc.) domain controller, only a standalone Win XP
Pro system.  I am trying to develop or find scripts that make possible
the rollout of a standalone system more rapidly and still have a very
secure system.  Repeated installation of the same OS, wherein I am
clicking my way to security is driving me nuts.

(1) Does anyone know of a few good sites showing scripts using either
WSH or Perl to control the full range of IP ports on a standalone system?
I would prefer Perl because I know a bit of Perl but will learn/use
WSH to get the job done.

In the Microsoft server realm you can easily block off a range of IP
ports but on a standalone system, which is what I have, the same
functionality does not seem to be available.  What I have found is
that you have to close one port per protocol family (TCP & UDP) at a
time hence having to create 2*65535 rules - the ports that you want
open for communications.  If I have made an incorrect assumption here,
which is possible, just direct me to the scripts and/or documentation
revealing that and how to go about implementing the functionality
desired using a script.

(2) I would like to control the instantiation of most applications on
the system with hash rules as a security measure, and others such as
browsers and antivirus as services as an authenticated user -w- hash
rules.  Any scripts regarding this?  There must be several hundred
applications that come with the OS that have to be tied down,
everything onboard is being accessed through firewalls despite having
done my best...has anyone made a script available to the public or do
I have to roll my own?  Any great on-line documentation?

