Re: Windows Server 2000 port lock down
From: Ansgar -59cobalt- Wiechers (bugtraq_at_planetcobalt.net)
Date: 08/27/05
- Previous message: Nikolai Alexandrov: "Re: Ping, ICMP and TCP Ping"
- In reply to: SandySue_at_epix.net: "Windows Server 2000 port lock down"
- Next in thread: Ramki B: "RE: Windows Server 2000 port lock down"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 27 Aug 2005 02:32:38 +0200 To: security-basics@securityfocus.com
On 2005-08-26 SandySue@epix.net wrote:
> Can anyone direct me to a set of windows commands to close ports on a
> Windows 2000 server (or if necessary, a third party application that
> can be loaded on a Windows 2000 server to close ports). I'm looking
> for a solution to close ports that encompasses the least amount of
> process overhead; the goal is lock down outbound traffic. The
> solution must work on a 2000 Server.
Disable the services you don't want to provide. Remove services that
can't (or must not) be disabled from external interfaces. There is no
out-of-the-box solution, because nobody could guess which services you
need to provide and which you don't.
net help stop
sc /?
netstat /?
http://support.microsoft.com/default.aspx?scid=kb;en-us;832017
http://www.hsc.fr/ressources/breves/min_srv_res_win.en.html
http://www.blackviper.com/WIN2K/servicecfg.htm
http://www.ntsvcfg.de/ntsvcfg_eng.html (the script could be used as a
template)
HTH
Regards
Ansgar Wiechers
-- "Another option [for defragmentation] is to back up your important files, erase the hard disk, then reinstall Mac OS X and your backed up files." --http://docs.info.apple.com/article.html?artnum=25668
- Previous message: Nikolai Alexandrov: "Re: Ping, ICMP and TCP Ping"
- In reply to: SandySue_at_epix.net: "Windows Server 2000 port lock down"
- Next in thread: Ramki B: "RE: Windows Server 2000 port lock down"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
