From: Skinner, Kit (KSkinnersandstream.com)
Date: Mon Apr 08 2002 - 15:47:50 CDT


    There was a similar article about using IPSec posted to MSDN about a year
    ago. It can be found at:
    http://www.microsoft.com/TechNet/itsolutions/network/maintain/security/ipsecld.asp

    However, there have been some issues pointed out with IPSec before on this
    list. For instance, there is some traffic that is exempt from all IPSec
    filters. For the initial list look at article Q253169:
    http://support.microsoft.com/default.aspx?scid=kb;en-us;Q253169

    You can remove the exemption for Kerberos and RSVP as described by Q254728:
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;q254728

    This still leaves IKE, Multicast and Broadcast traffic unfiltered. There
    were some utilities developed and being developed that were posted to the
    list, but I seem to be missing the links. I remember these tools utilizing
    the rules underlying IP Filtering rules to do filtering by Src/Dest
    Port/Address and becoming more thorough. These controls are of course
    unsupported by MS, but should generate a little bit stiffer restrictions.
    Perhaps the developers still watch the list.

    However, IPSec is okay for doing simple filtering that was never available
    before. It's a good way to get rid of some low-lying fruit, but still
    requires additional security behind it.

    -K

    -----Original Message-----
    From: SteveFdice.com [mailto:SteveFdice.com]
    Sent: Monday, April 08, 2002 12:59 PM
    To: yago.molinadvc.es
    Cc: focus-mssecurityfocus.com
    Subject: RE: Editing MS-2000 Firewall Rules

    There's an introduction to this over at
    http://online.securityfocus.com/infocus/1559 that I just finished reading
    this morning.

    Hope this helps

    > Hi, I'm interested in the possibility of editing by hand the
    > firewall rules in a Windows 2000 box such as firewall rules in Linux using
    > Ipchains / iptables; on the other hand, if W2k doesn't have any commands for
    > editing the rules I would like to know where does the system store the firewall
    > configuration rules: is it in a plain text file? In a section of the registry?

    Steve Fuller