FYI - running 188.8.131.527.
I cloned many of the example modules used for hardening a machine, such as:
IP Stack Hardening
Windows LSASS Security
Windows Service Host Security
If I run SuperScan 4 against my test host (which has various web ports, sql, tftp, etc.) using default settings, CSA denies access to the TCP ports but still shows the UDP ports including banner information. The default setting for TCP's scan type is SYN. However if I change the scan type to Connect, I can succesfully see all of my TCP ports and their banner information.
Another tool in SuperScan is Windows Enumeration - I'm able to gather Netbios info, connect with a Null session, get all the MAC addresses, map out all the RPC endpoints, and get the machines date/time and uptime.
How can I use CSA to block this?