Re: block port scanners & security recommendations

From: Neil Moore-Smith (nms_at_moore-smith.co.uk)
Date: 09/19/03

    Date: Fri, 19 Sep 2003 21:59:54 +0100
    
    

    It depends what you mean by "securing" a machine. The C2 security
    certification used to virtually mean that a system wasn't connected to a
    network, was in a separate room by itself, no diskette drive or CD-ROM.
    Preferably turned off. That was fairly secure.

    Security is a trade-off between ease of use and restrictive 'safeguards'.
    You need to find the right balance for your environment. You have to find
    out whether security is worth it. I'd start by asking what the cost of being
    hacked is. It's probably higher for an e-commerce website than a web server
    serving static pages of public domain information, so it's sensible to
    consider spending more time and money securing the e-commerce site.

    How 'tight' do you want your server to be? You could replace IIS with a
    hardened commercial web server. You could shut off all ports except 80, but
    then it would be a pain to administer.

    Have you looked at Microsoft's security website? They have some good
    principles and checklists of the main areas.

    Neil

    "jonezy" <jonezy@donotmailmejonezy.com> wrote in message
    news:vemt9mrlr5ftac@corp.supernews.com...
    > is there software like portsentry that's available for windows 2000 server?
    >
    > can someone also recommend some good software and sources for securing
    > windows 2000 server and iis?
    >
    > TIA
    >
    >

