Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Group policy hardening question


  • Please log in to reply
4 replies to this topic

#1 exus69

exus69

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:09:57 AM

Posted 10 September 2014 - 06:47 AM

Hello,

What kind of attacks does the following group policy hardening steps thwart in a workgroup environment:

- Network Security: LAN Manager authentication level
Send NTLMv2 response only. Refuse LM & NTLM

- Network Security: Minimum session security for NTLM SSP based (including secure RPC) servers
RequireNTLMv2sessionsecurity, Require128-bitencryption, Require message integrity, Require message confidentiality

- Network Security: Minimum session security for NTLM SSP based (including secure RPC) clients
RequireNTLMv2sessionsecurity, Require128-bitencryption, Require message integrity, Require message confidentiality

- Network Security: Do not store LAN Manager hash value on next password change: Enabled

- Microsoft network server: Digitally sign communications (always): Enabled

- Microsoft network server: Digitally sign communications (if client agrees): Enabled

- Microsoft network client: Digitally sign communications (always): Enabled

- Network access: Do not allow anonymous enumeration of SAM accounts and shares: Enabled

- Administrative Templates>System>Remote Procedure Call>Restrictions for Unauthenticated RPC clients: Enabled (Authenticated)

- Network Access: Shares that can be Accessed Anonymously
Remove all shares

Also are there any other/better hardening group policy settings that you are aware of? Kindly share the same over here.

What other network security steps can be taken in a workgroup environment??

Thanks clear.png



BC AdBot (Login to Remove)

 


#2 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,717 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:27 AM

Posted 12 September 2014 - 01:10 PM

Please describe your environment.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#3 exus69

exus69
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:09:57 AM

Posted 12 September 2014 - 09:00 PM

Its a small office with five Windows 7 computers networked in a workgroup environment.



#4 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,717 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:27 AM

Posted 13 September 2014 - 03:10 AM

Attacks this prevents: password cracking, credential stealing, identity spoofing, anonymous enumeration.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#5 exus69

exus69
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:09:57 AM

Posted 13 September 2014 - 06:28 AM

Thank you :)






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users