From: Free, Bob (RWF4pge.com)
Date: Thu Apr 04 2002 - 17:35:09 CST

    See ISM/MMC Does Not Work Through a Firewall [Q218471]

    CAUSE
    =====
     
    This is by design. If the MMC ISM was configured to operate through a
    firewall using TCP port-based security alone, particularly by opening
    additional TCP ports, it could potentially expose sensitive configuration
    information to the Internet.
     
    The HTMLA uses TCP port 80, which is open on most firewalls for Web traffic
    and sites.
     
    HTTP and FTP are well defined by firewalls, which make these protocols more
    secure.
     
    RESOLUTION
    ==========
     
    To resolve this issue, do one of the following:
     
    Use HTMLA over SSL
    ------------------
     
    Use the HTML version of the Internet Service Manager (also known as the HTML
    Administration or HTMLA) over SSL. This uses HTTP-based security, which will
    require additional configurations mentioned in the online documentation for
    the Windows NT Option Pack.
     
    -OR-
     
    Use the ISM MMC over PPTP
    -------------------------
     
    Use Point-to-Point Tunneling Protocol (PPTP) to tunnel through the firewall.
    The ISM MMC can be used on the secure PPTP connection. This will also
    require additional configurations.
     

    -----Original Message-----
    From: Jason Yates [mailto:jyatesdataservice.org]
    Sent: Thursday, April 04, 2002 1:57 PM
    To: 'focus-mssecurityfocus.com'
    Subject: Internet Services Manager

    I'm trying to use Internet Services Manager snap-in on a web server
    located in our internal network. The web server is running Win2k and
    IIS 5.0. At first, I was connecting fine. I've added TCP/IP filtering
    to the remote machine, and now I can't connect. What ports does ISM use
    anyway?

    I'm allowing UDP and TCP connections to ports 137-139 and just TCP to port
    80. All other filtering is taken care of in the outside firewall.

    -Jason