RE: Editing MS-2000 Firewall Rules

From: Skinner, Kit (KSkinner@sandstream.com)
Date: 04/08/02


From: "Skinner, Kit" <KSkinner@sandstream.com>
To: "'focus-ms@securityfocus.com'" <focus-ms@securityfocus.com>
Date: Mon, 8 Apr 2002 21:47:50 +0100 

There was a similar article about using IPSec posted to MSDN about a year
ago. It can be found at:
http://www.microsoft.com/TechNet/itsolutions/network/maintain/security/ipsecld.asp

However, there have been some issues pointed out with IPSec before on this
list. For instance, there is some traffic that is exempt from all IPSec
filters. For the initial list look at article Q253169:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q253169

You can remove the exemption for Kerberos and RSVP as described by Q254728:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q254728

This still leaves IKE, Multicast and Broadcast traffic unfiltered. There
were some utilities developed and being developed that were posted to the
list, but I seem to be missing the links. I remember these tools utilizing
the rules underlying IP Filtering rules to do filtering by Src/Dest
Port/Address and becoming more thorough. These controls are of course
unsupported by MS, but should generate a little bit stiffer restrictions.
Perhaps the developers still watch the list.

However, IPSec is okay for doing simple filtering that was never available
before. It's a good way to get rid of some low-lying fruit, but still
requires additional security behind it.

-K

-----Original Message-----
From: SteveF@dice.com [mailto:SteveF@dice.com]
Sent: Monday, April 08, 2002 12:59 PM
To: yago.molina@dvc.es
Cc: focus-ms@securityfocus.com
Subject: RE: Editing MS-2000 Firewall Rules

There's an introduction to this over at
http://online.securityfocus.com/infocus/1559 that I just finished reading
this morning.

Hope this helps

> Hi, I'm interested in the possibility of editing by hand the
> firewall rules in a Windows 2000 box, such as firewall rules in Linux using
> ipchains / iptables; on the other hand, if W2K doesn't have any commands for
> editing the rules I would like to know where the system stores the firewall
> configuration rules: is it in a plain text file? In a section of the
> registry?

Steve Fuller
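As an added illustration of the point in Kit's reply above (this is example code written for this page, not code from the thread, from Microsoft or from the Resource Kit tools Kit mentions), the following Python models how a Windows 2000 IPsec filter list behaves when the default exemptions from Q253169 are in force, and what changes once the Kerberos and RSVP exemptions are removed as Q254728 describes. The port and protocol numbers (Kerberos TCP/UDP 88, IKE UDP 500, RSVP IP protocol 46) are standard; the filter list, host address and sample packets are constructed; the "most specific filter wins" rule and "no matching filter means the packet passes" behaviour are this model's assumptions about the policy engine, not statements from the thread.

```python
"""Model of Windows 2000 IPsec filtering with the default exemptions.

Constructed example: traffic in an exempt class bypasses every filter
entry, so a block-all policy still lets IKE, multicast and broadcast
(and, until Q254728 is applied, Kerberos and RSVP) through.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import Optional

TCP, UDP, RSVP = 6, 17, 46           # IP protocol numbers
KERBEROS_PORT, IKE_PORT = 88, 500    # TCP/UDP 88, UDP 500 (ISAKMP)
MULTICAST = IPv4Network("224.0.0.0/4")
LIMITED_BROADCAST = IPv4Address("255.255.255.255")
ANY = IPv4Network("0.0.0.0/0")


@dataclass(frozen=True)
class Packet:
    dst: str            # destination IPv4 address
    protocol: int       # IP protocol number
    dport: int = 0      # destination port (0 when the protocol has none)


@dataclass(frozen=True)
class Filter:
    """One filter-list entry together with its filter action."""
    dst_net: IPv4Network
    protocol: Optional[int]   # None matches any protocol
    dport: Optional[int]      # None matches any port
    action: str               # "permit" or "block"

    def matches(self, pkt):
        return (IPv4Address(pkt.dst) in self.dst_net
                and self.protocol in (None, pkt.protocol)
                and self.dport in (None, pkt.dport))

    def specificity(self):
        # Assumed "most specific filter wins": longer prefix, explicit
        # protocol and explicit port each make an entry more specific.
        return (self.dst_net.prefixlen,
                self.protocol is not None,
                self.dport is not None)


def default_exemption(pkt, subnet_broadcast, q254728_applied=False):
    """Name the default exemption that covers pkt, or None.

    q254728_applied=True models removing the Kerberos and RSVP
    exemptions; IKE, multicast and broadcast stay exempt either way."""
    dst = IPv4Address(pkt.dst)
    if pkt.protocol == UDP and pkt.dport == IKE_PORT:
        return "IKE"
    if dst in MULTICAST:
        return "multicast"
    if dst in (LIMITED_BROADCAST, IPv4Address(subnet_broadcast)):
        return "broadcast"
    if not q254728_applied:
        if pkt.protocol in (TCP, UDP) and pkt.dport == KERBEROS_PORT:
            return "Kerberos"
        if pkt.protocol == RSVP:
            return "RSVP"
    return None


def evaluate(pkt, filters, subnet_broadcast, q254728_applied=False):
    """Return (decision, reason) for one inbound packet.

    Exempt traffic never reaches the filter list. Otherwise the most
    specific matching entry decides; with no match the packet passes."""
    exempt = default_exemption(pkt, subnet_broadcast, q254728_applied)
    if exempt:
        return "permit", f"exempt ({exempt})"
    matching = [f for f in filters if f.matches(pkt)]
    if not matching:
        return "permit", "no matching filter"
    best = max(matching, key=Filter.specificity)
    return best.action, f"filter {best.dst_net} proto={best.protocol} port={best.dport}"


# Constructed policy: block everything, permit only TCP/80 to this host.
HOST = "192.0.2.10"
SUBNET_BROADCAST = "192.0.2.255"
POLICY = [
    Filter(ANY, None, None, "block"),
    Filter(IPv4Network(HOST + "/32"), TCP, 80, "permit"),
]

# Constructed sample traffic, one packet per class the thread mentions.
SAMPLES = {
    "http":      Packet(HOST, TCP, 80),
    "smb":       Packet(HOST, TCP, 445),
    "kerberos":  Packet(HOST, TCP, KERBEROS_PORT),
    "ike":       Packet(HOST, UDP, IKE_PORT),
    "rsvp":      Packet(HOST, RSVP),
    "multicast": Packet("224.0.0.1", UDP, 5000),
    "broadcast": Packet(SUBNET_BROADCAST, UDP, 137),
}


def audit(q254728_applied=False):
    """Map each sample class to its decision under POLICY."""
    return {name: evaluate(pkt, POLICY, SUBNET_BROADCAST, q254728_applied)[0]
            for name, pkt in SAMPLES.items()}


def still_unfiltered(q254728_applied=False):
    """Classes the block-all policy does not stop: the gap Kit describes."""
    return sorted(name for name, decision in audit(q254728_applied).items()
                  if decision == "permit" and name != "http")


if __name__ == "__main__":
    for applied in (False, True):
        print(f"Q254728 applied={applied}: {audit(applied)}")
        print("  still unfiltered:", still_unfiltered(applied))
```

Running it shows the block-all policy stopping SMB but not Kerberos, IKE, RSVP, multicast or broadcast; after the Q254728 change only IKE, multicast and broadcast remain unfiltered, which is exactly why Kit says IPsec filtering removes some low-lying fruit but still needs real filtering behind it.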


