11.07.2015 Views

Improving Web Application Security: Threats and - CGISecurity


Improving Web Application Security: Threats and Countermeasures

● Value name: TcpMaxDataRetransmissions
  Recommended value data: 2
  Valid values: 0–65535
  Description: Specifies the number of times that TCP retransmits an individual data segment (not connection request segments) before aborting the connection.

● Value name: EnablePMTUDiscovery
  Recommended value data: 0
  Valid values: 0, 1
  Description: Setting this value to 1 (the default) forces TCP to discover the maximum transmission unit or largest packet size over the path to a remote host. An attacker can force packet fragmentation, which overworks the stack. Specifying 0 forces the MTU of 576 bytes for connections from hosts not on the local subnet.

● Value name: KeepAliveTime
  Recommended value data: 300000
  Valid values: 80–4294967295
  Description: Specifies how often TCP attempts to verify that an idle connection is still intact by sending a keep-alive packet.

● Value name: NoNameReleaseOnDemand
  Recommended value data: 1
  Valid values: 0, 1
  Description: Specifies to not release the NetBIOS name of a computer when it receives a name-release request.

Use the values that are summarized in Table 1 for maximum protection.

Table 1 Recommended Values

Value Name                              Value (REG_DWORD)
SynAttackProtect                        2
TcpMaxPortsExhausted                    1
TcpMaxHalfOpen                          500
TcpMaxHalfOpenRetried                   400
TcpMaxConnectResponseRetransmissions    2
TcpMaxDataRetransmissions               2
EnablePMTUDiscovery                     0
KeepAliveTime                           300000 (5 minutes)
NoNameReleaseOnDemand                   1
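A read-only audit of Table 1, added here as an example and not part of the original guide: it compares the live registry with the recommended values and flags entries that are absent, not REG_DWORD, or outside the valid ranges listed above. The two key paths are assumptions (the standard Tcpip and NetBT parameter keys); this section does not state them, and the function name is hypothetical.

```powershell
# Added example: read-only audit of the Table 1 values.
# Assumption: key paths below are the standard Tcpip/NetBT parameter keys.
$TcpipKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$NetbtKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netbt\Parameters'

# Recommended REG_DWORD data from Table 1. Min/Max are present only for the
# four values whose valid ranges are listed in this section.
$Baseline = @(
    @{ Key = $TcpipKey; Name = 'SynAttackProtect';                     Want = 2 }
    @{ Key = $TcpipKey; Name = 'TcpMaxPortsExhausted';                 Want = 1 }
    @{ Key = $TcpipKey; Name = 'TcpMaxHalfOpen';                       Want = 500 }
    @{ Key = $TcpipKey; Name = 'TcpMaxHalfOpenRetried';                Want = 400 }
    @{ Key = $TcpipKey; Name = 'TcpMaxConnectResponseRetransmissions'; Want = 2 }
    @{ Key = $TcpipKey; Name = 'TcpMaxDataRetransmissions'; Want = 2;      Min = 0;  Max = 65535 }
    @{ Key = $TcpipKey; Name = 'EnablePMTUDiscovery';       Want = 0;      Min = 0;  Max = 1 }
    @{ Key = $TcpipKey; Name = 'KeepAliveTime';             Want = 300000; Min = 80; Max = 4294967295 }
    @{ Key = $NetbtKey; Name = 'NoNameReleaseOnDemand';     Want = 1;      Min = 0;  Max = 1 }
)

function Test-TcpHardening {
    param([hashtable[]]$Settings = $Baseline)
    foreach ($s in $Settings) {
        $key    = Get-Item -Path $s.Key -ErrorAction SilentlyContinue
        $actual = $null
        if ($null -eq $key -or $s.Name -notin $key.GetValueNames()) {
            $status = 'NotSet'        # value absent, so the OS default applies
        } elseif ($key.GetValueKind($s.Name) -ne 'DWord') {
            $status = 'WrongType'     # Table 1 specifies REG_DWORD
        } else {
            # DWORDs can surface as signed Int32; recover the unsigned value.
            $actual = ([int64]$key.GetValue($s.Name)) -band 4294967295
            if ($s.ContainsKey('Min') -and ($actual -lt $s.Min -or $actual -gt $s.Max)) {
                $status = 'OutOfRange'
            } elseif ($actual -ne $s.Want) {
                $status = 'Deviates'
            } else {
                $status = 'OK'
            }
        }
        [pscustomobject]@{ Name = $s.Name; Recommended = $s.Want; Actual = $actual; Status = $status }
    }
}

Test-TcpHardening | Format-Table -AutoSize
```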
