OSEC

From: Bejon Parsinia (bejonsupertel.com)
Date: Thu Apr 04 2002 - 15:03:23 CST

    Kevin,

    On a very basic level, block everything and only allow what you need. This
    will prevent unwanted packets from entering your network (at least
    somewhat). A very skilled hacker can still bypass a firewall. I'd suggest
    running scans of your network to see what ports are open, figure out what
    you need to expose to the "outside" world, and then build your "allow" rules
    off of that. But I would strongly advise you use scrutiny in exposing
    ports. They are an invitation to disaster. I'd also suggest you run a
    sniffer anyway to keep an eye on what makes it on your wire.

    Good luck,

    Bejon

    -----Original Message-----
    From: Kevin Kaminski [mailto:Kevin.Kaminskitelus.com]
    Sent: Thursday, April 04, 2002 10:55 AM
    To: focus-mssecurityfocus.com
    Subject: Detailed Port Filtering

    I'm looking at building my first IP port firewall for my Windows 2000
    Server. I have looked at IP port references such as
    http://www.iana.org/assignments/port-numbers but it seems that the list is
    not specific as to whether the protocol requires both TCP/UDP connections. I
    have found a list that almost has what I am looking for
    (http://www.chebucto.ns.ca/~rakerman/port-table.html) but it covers a
    limited range of services. I could sit with a sniffer and take the server
    through its paces but I was wondering if someone would know a good resource
    that could help an NT Administrator make sound decisions while building a
    port filter.
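
Added example, not part of either message: one way to turn the "see what is open, then allow only what you need" advice into a per-protocol allow list, which also answers the TCP-versus-UDP question from the server's own sockets. The netstat sample, the addresses and the NEEDED set are constructed assumptions for illustration.

```python
import re

# Constructed sample of `netstat -an` output from a Windows server (not real data).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:53             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1433         0.0.0.0:0              LISTENING
  TCP    10.0.0.5:80            192.0.2.10:3371        ESTABLISHED
  UDP    0.0.0.0:53             *:*
  UDP    0.0.0.0:445            *:*
  UDP    10.0.0.5:137           *:*
"""

# Assumption for this example: only DNS and HTTP are meant to face the outside.
NEEDED = {("TCP", 53), ("UDP", 53), ("TCP", 80)}

# Proto, local address, local port, foreign address, optional state (UDP has none).
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def exposed_listeners(netstat_text):
    """Return the set of (proto, port) pairs reachable from the network."""
    found = set()
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header or blank line
        proto, addr, port, _foreign, state = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue  # established sessions are not listening services
        if addr.startswith("127."):
            continue  # loopback-only sockets are not reachable from outside
        found.add((proto, int(port)))
    return found

def build_policy(listeners, needed):
    """Default deny: allow needed listeners only and report the rest."""
    allow = sorted(listeners & needed)
    blocked = sorted(listeners - needed)  # open today, dropped by default deny
    missing = sorted(needed - listeners)  # requested, but nothing is listening
    return allow, blocked, missing

if __name__ == "__main__":
    allow, blocked, missing = build_policy(exposed_listeners(SAMPLE_NETSTAT), NEEDED)
    print("ALLOW:", allow, "| listening but denied:", blocked, "| DENY everything else")
```

The "listening but denied" list is the review queue: each entry is a service to disable on the host or to justify before it gets an allow rule.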