Proxy and such

An amateur's biased notes, neither credible nor impartial, mostly about everyday topics such as the internet scene and current news.


[tool] A tool for optimizing (securing) Windows networking

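2006/05/18(Thu) 14:44:53 This is a tool that hardens the Windows TCP/IP stack. It does not seem to have been covered in Japan, so I am introducing it here. By stepping through a wizard of roughly 30 items, it modifies the Windows registry and optimizes (secures) the network for your intended use. It lets you carry out, from within the software, the kind of changes described in "[HOWTO] How to harden the TCP/IP stack".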

Harden-It
http://www.yasc.net/hardenit.shtml (Google machine translation into Japanese)

Hardenit.exe
http://sniffem.exaserve.net/Hardenit.exe

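These days, with the spread of high-speed lines, I think many people run their own PC as a server. There is also a lot of software, such as P2P, that communicates directly with the outside. It is well known that Winny is hugely popular. Windows was not originally optimized (secured) for that kind of use. Harden-It is a tool that helps optimize (secure) Windows so that it can communicate more efficiently and safely.

When you download and launch it, it first explains what kind of tool it is. When you proceed, it automatically checks its version and performs some kind of communication with 204.14.90.176. I think many people will not feel like using it at this point, but overseas sites seem to regard it as a safe tool.

Next, you step through the wizard in order. The wizard is full of technical terms, so some of it may be hard to follow, but basically you proceed using the choice marked Recommended in each item as a guide.

Each wizard item has a tab called More Information; checking it and clicking takes you to the Microsoft page that explains that item. However, the destination is in English (and full of technical terms), so I think it is hard for Japanese readers to understand. Below is the full text of the wizard (in English), with Google machine translation links added to the destinations that More Information jumps to from the software, plus links for searching the related terms on Google in Japanese and on Microsoft Japan. If you want to read the full wizard text (in English) in Japanese, it may be worth running this whole page through Google machine translation. I hope this helps in understanding the difficult wizard.

Complete the wizard and finally reboot, and the optimization (securing) of the Windows network is done.

Notes: This tool changes the Windows registry and helps you do so. The tool itself does not provide firewall or similar functions. Changing the registry carries risk. Understand that and use the tool at your own risk. It is basically a tool for advanced users.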

  • Welcome
  • Welcome to the installer for Harden-it 1.2.
  • Harden-it can be used to :
  • -----------------------------------------
  • > Harden your server's TCP and IP stack (Netbios, ICMP, SYN, SYN-ACK..)
  • > Protect your servers from Denial of Service and other network based attacks
  • > Enable SYN flood protection when an attack is detected
  • > Set the threshold values that are used to determine what constitutes an attack
  • This is a tool for experts and server administrators, carefully read the descriptions and do not simply click next. For your convenience we recommend that you create a RECOVERY POINT prior to testing your optimal settings.
  • WARNING: This program is protected by copyright law and international treaties. Unauthorized reproduction or distribution of this program may result in severe civil and criminal penalties, and will be prosecuted to the maximum extent possible under law.
  • Select Install Type
  • Select an installation type and click Next to continue.
  • Complete Setup : Displays all options of Harden-It.
  • Only display updates : Only display options new to this version. Saves time to users keeping up-to-date with Harden-It.
  • Revert Changes : This option reverts all the changes made by Harden-It back to Windows defaults.
  • SYN Attack Protection - Harden the TCP/IP stack
  • The SYN flood attack consists of sending TCP connections requests faster than a machine can process them.
  • Syn Flood/Attack Protection (Good)
    • Transmission Control Protocol (TCP) adjusts retransmission of SYN-ACKS. The connection responses time out more quickly during a SYN flood.
  • Syn Flood/Attack Protection (Best)
    • This adds additional delays to connection indications, and TCP connection requests quickly timeout when a SYN attack is in progress.
  • Syn Flood/Attack Protection (Disabled)
    • No Syn Flood protection. Use these setting to revert to your standart setting.
  • SYN Protection Thresholds - Harden the TCP/IP stack
  • Threshold: Maximum Number of Half-Open Tcp Connections  Google  Microsoft Japan
  • TcpMaxHalfOpen - Determines how many connections the server can maintain in the half-open (SYN-RCVD) state before TCP/IP initiates SYN flooding attack protection.
  • 100 (Recommended for Workstations)
  • 500 (Recommended for Servers)
  • More Information (TcpMaxHalfOpen)
  • SYN Protection Thresholds - Harden the TCP/IP stack
  • Threshold: TCP connections in the SYN_RCVD state  Google  Microsoft Japan
  • TcpMaxHalfOpenRetried - Determines how many connections the server can maintain in the half-open (SYN-RCVD) state even after a connection request has been retransmitted.
  • 80 (Recommended for Workstations)
  • 400 (Recommended for Servers)
  • More Information (TcpMaxHalfOpenRetried)
  • SYN Protection Thresholds - Harden the TCP/IP stack
  • Threshold: TcpMaxPortsExhausted  Google  Microsoft Japan
  • TcpMaxPortsExhausted - Specifies the threshold of TCP connection requests that must be exceeded before SYN flood protection is triggered.
  • 0 (Recommended, protection enabled immediately when all ports are exhausted.)
  • 5 (Recommended by Microsoft)
  • More Information (TcpMaxPortsExhausted)
  • Additional SYN Protections - Harden the TCP/IP stack
  • Tcp Max Data Retransmissions  Google  Microsoft Japan
  • Determines how many times TCP retransmits an unacknowledged data segment on an existing connection. TCP retransmits data segments until they are acknowledged or until this value expires.
  • 3 (Recommended)
  • 5 (Default)
  • More Information (TcpMaxDataRetransmissions)
  • Additional SYN Protections - Harden the TCP/IP stack
  • Enable Path Maximum Transmission Unit Discovery  Google  Microsoft Japan
  • The MTU is the largest size of IP datagram which may be transferred. If you do not set this value to 0, An attacker could force the MTU to a very small value and overwork the stack by forcing the server to fragment a large number of packets.
  • Enabled (Recommended)
  • Disabled (Sets the MTU to 576 bytes hardens but slows down)
  • More Information (PMTUD may give problems if ICMP 3 and 4 are filtered)
  • Additional SYN Protections - Harden the TCP/IP stack
  • Connection Keep Alive Time  Google  Microsoft Japan
  • This setting controls how Windows manages connection keep alive transmissions. Specifies how often TCP attempts to verify that an idle connection is still intact by sending a keep-alive packet.
  • Workstation (300000ms or 5 minutes)
  • Web Server (90000 ms or 1,5 minutes)
  • More Information
  • Additional SYN Protections - Harden the TCP/IP stack
  • No Name Release On Demand  Google  Microsoft Japan
  • A denial of service (DoS) attack against Windows servers is to send it a "name release" command. This will cause it to release its NetBIOS, preventing clients from accessing the machine.
  • Disabled (Default)
  • Enabled (Recommended)
  • More Information
  • ICMP Attacks Protection - Harden the TCP/IP stack
  • ICMP Redirects  Google  Microsoft Japan
  • Modifying this registry value to 0 prevents the creation of expensive host routes when an ICMP redirect packet is received. Internet Control Message Protocol (ICMP) redirects cause the stack to plumb host routes.
  • Disabled (Recommended)
  • Enabled (Default)
  • More Information
  • ICMP Attacks Protection - Harden the TCP/IP stack
  • Perform Router Discovery  Google  Microsoft Japan
  • Each router periodically multicasts a Router Advertisement from each of its multicast interfaces, announcing the IP address(es) of that interface. Disables ICMP Router Discovery Protocol (IRDP) where an attacker may remotely add default route entries on a remote system.
  • Disabled (Recommended)
  • Enabled
  • Provided by DHCP (Default)
  • SNMP Attacks Protection - Harden the TCP/IP stack
  • Enable Dead Gateway Detection  Google  Microsoft Japan
  • Determines whether TCP performs dead gateway detection. An attacker could force the server to switch gateways, potentially to an unintended one.
  • Enabled (Default)
  • Disabled (Recommended)
  • More Information
  • AFD.SYS Protections - Harden the TCP/IP stack
  • Enable Dynamic Backlog  Google  Microsoft Japan
  • Specifies AFD.SYS functionality to withstand large numbers of SYN_RCVD connections efficiently.
  • Enabled (Recommended)
  • Disabled (Default)
  • More Information
  • AFD.SYS Protections - Harden the TCP/IP stack
  • Minimum Dynamic Backlog  Google  Microsoft Japan
  • Specifies the minimum number of free connections allowed on a listening endpoint. If the number of free connections drops below this value, a thread is queued to create additional free connections.
  • 10 (Recommended)
  • 20 (When under attack)
  • More Information
  • AFD.SYS Protections - Harden the TCP/IP stack
  • Maximum Dynamic Backlog  Google  Microsoft Japan
  • Specifies the maximum total amount of both free connections plus those in the SYN_RCVD state. Set to lowest for Workstations!
  • 10000 ( !Workstations! - 64MB RAM)
  • 15000 (96MB RAM - Servers)
  • 20000 (128MB RAM - Servers)
  • 40000 (256MB RAM - Servers)
  • 80000 (512MB RAM - Servers)
  • 160000 (1024MB RAM - Servers)
  • More Information
  • AFD.SYS Protections - Harden the TCP/IP stack
  • Dynamic Backlog Growth Delta  Google  Microsoft Japan
  • Specifies the number of free connections to create when additional connections are necessary.
  • 10 (Recommended)
  • 0 (Default)
  • More Information
  • AFD.SYS Protections - Harden the TCP/IP stack
  • Disable Address Sharing  Google  Microsoft Japan
  • This parameter is used to prevent address sharing (SO_REUSEADDR) between processes so that if a process opens a socket, no other process can steal data from it.
  • Disabled (Default)
  • Enabled (Recommended)
  • More Information (DisableAddressSharing)
  • Additional Protections - Harden the TCP/IP stack
  • Disable IPSource Routing  Google  Microsoft Japan
  • NAT is used to screen a network from incoming connections. An attacker can circumvent this screen to determine the network topology using IP source routing. Disables IP source routing.
  • 0 (Forward all packets)
  • 1 (Recommended - do not forward Source Routed packets)
  • 2 (Drop all incoming source routed packets)
  • More Information
  • Additional Protections - Harden the TCP/IP stack
  • Enable Fragment Checking  Google  Microsoft Japan
  • Processing fragmented packets can be expensive. Although it is rare for a denial of service to originate from within the perimeter network, this setting prevents the processing of fragmented packets. Prevents the IP stack from accepting fragmented packets.
  • Disabled (Default)
  • Enabled (Recommended)
  • More Information
  • Additional Protections - Harden the TCP/IP stack
  • Enable Multicast Forwarding  Google  Microsoft Japan
  • Multicast packets may be responded to by multiple hosts, resulting in responses that can flood a network. The routing service uses this parameter to control whether or not IP multicasts are forwarded. This parameter is created by the Routing and Remote Access Service.
  • Disabled (Recommended)
  • Enabled (Default)
  • More Information
  • Additional Protections - Harden the TCP/IP stack
  • Address Mask Requests  Google  Microsoft Japan
  • Your computers running Windows may be responding to Address Mask requests on the network, which could enable malicious users to discover some of your network topology information.
  • Disabled (Recommended)
  • Enabled (Default)
  • More Information (Address Mask Requests)
  • Additional Protections - Harden the TCP/IP stack
  • Query Ip Matching  Google  Microsoft Japan
  • By default, the DNS resolver accepts responses from the DNS servers that it did not query. This feature speeds performance but can be a security risk.
  • Disabled (Default)
  • Enabled (Recommended)
  • More Information (QueryIpMatching)
  • Additional Protections - Harden the TCP/IP stack
  • Restrict Anonymous IPC-Connections  Google  Microsoft Japan
  • Restrict Anonymous (Level 0)
    • Allows anonymous enumeration of SAM accounts and shares. Opens your system pretty wide.
  • Restrict Anonymous (Level 1 - Recommended)
    • Does not allow anonymous numeration of SAM accounts and shares.
  • Restrict Anonymous (Level 2)
    • No way to establish a null session, no information can leak. May cause sharing and print problems.
  • More Information
  • Additional Protections - Harden the TCP/IP stack
  • Restrict Anonymous SAM  Google  Microsoft Japan
  • Enable SAM restriction (Recommended)
    • Does not allow anonymous numeration of SAM accounts and shares.
  • Disable SAM restriction
    • Allows anonymous numeration of SAM accounts and shares.
  • More Information
  • Additional Protections - Harden the TCP/IP stack
  • Everyone Includes Anonymous  Google  Microsoft Japan
  • Enable Everyone Includes Anonymous
    • Null-session users have standard rights.
  • Disable Everyone Includes Anonymous (Recommended)
    • Null-session users won't have any rights.
  • More Information
  • Additional Protections - Harden the TCP/IP stack
  • Arp Retry Count  Google  Microsoft Japan
  • Determines how many times TCP sends an Address Request Packet for its own address when the service is installed. This is known as a gratuitous Address Request Packet.
  • Retry Count 1 (Recommended)
  • Retry Count 2
  • Retry Count 3
  • More Information
  • Additional Protections - Harden the TCP/IP stack
  • Tcp Timed Wait Delay  Google  Microsoft Japan
  • Determines the time that must elapse before TCP can release a closed connection and reuse its resources. This interval between closure and release is known as the TIME_WAIT state or 2MSL state.
  • Aggressive (30 seconds)
  • Smooth (90 seconds - Recommended)
  • Default (240 seconds)
  • More Information
  • Additional Protections - Harden the TCP/IP stack
  • Refuse ResetBrowser Frames  Google  Microsoft Japan
  • Malicious User Can Shut Down Computer Browser Service. An vulnerability exists in the computer browser protocol ResetBrowser frame that could allow a malicious user to shut down a computer browser on the same subnet, or shut down all of the computers browsers on the same subnet.
  • Disabled (Default)
  • Enabled (Recommended)
  • More Information (ResetBrowser)
  • Finish
  • Installation Complete
  • Installation completed successfully.
  • Your system has been successfully hardened and optimised by Harden-it 1.0, please reboot the Workstation or Server for the settings to be effective.
  • HINT :
  • You can run this setup silently to install the default recommended settings by launching install with the parameter /s.
  • Please click Finish to exit this installer.
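
A read-only check of the SYN-related values after the reboot, as an added example that is not part of the original post or of Harden-It: it parses text in the layout printed by `reg query` and compares it with the wizard's recommendations quoted above. The sample output, the `Tcpip\Parameters` key path and the function names are assumptions made for this example.

```python
# Recommended DWORD values quoted from the Harden-It wizard text on this page.
RECOMMENDED = {
    "workstation": {"TcpMaxHalfOpen": 100, "TcpMaxHalfOpenRetried": 80},
    "server": {"TcpMaxHalfOpen": 500, "TcpMaxHalfOpenRetried": 400},
}
# Same for both roles; 0 is the wizard's choice (it lists 5 as Microsoft's).
COMMON = {"TcpMaxPortsExhausted": 0, "TcpMaxDataRetransmissions": 3}

# Constructed sample in the layout of `reg query <key>`; not real host data.
# The key path is an assumption (the usual Tcpip\Parameters location).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    Hostname    REG_SZ    WS01
    TcpMaxHalfOpen    REG_DWORD    0x64
    tcpmaxhalfopenretried    REG_DWORD    0x190
    TcpMaxDataRetransmissions    REG_SZ    3
"""

def parse_reg_query(text):
    """Return {lowercased value name: (type, data)} from `reg query` output."""
    values = {}
    for line in text.splitlines():
        if not line.startswith("    "):
            continue  # key header or blank line, not a value row
        parts = line.strip().split("    ", 2)
        if len(parts) == 3:
            name, reg_type, data = parts
            values[name.lower()] = (reg_type, data)  # names are case-insensitive
    return values

def audit(text, role):
    """Compare parsed values with the wizard's recommendations for `role`."""
    expected = {**RECOMMENDED[role], **COMMON}
    found = parse_reg_query(text)
    report = {}
    for name, want in expected.items():
        reg_type, data = found.get(name.lower(), (None, None))
        if reg_type is None:
            report[name] = "missing (Windows default applies)"
        elif reg_type != "REG_DWORD":
            report[name] = f"wrong type {reg_type}"
        elif int(data, 16) != want:
            report[name] = f"mismatch: {int(data, 16)}, recommended {want}"
        else:
            report[name] = "ok"
    return report

if __name__ == "__main__":
    for name, status in audit(SAMPLE, "workstation").items():
        print(f"{name}: {status}")
```

A value written with the wrong type or left absent is reported separately from a numeric mismatch, since in both cases the recommended value is not what the stack ends up using.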
[Permalink: http://fula.jp/blog/index.php?no=r738]
FLEUGELz