Re: Win2K FireWall

From: Duane Arnold (notme_at_notme.com)
Date: 09/28/03


Date: Sun, 28 Sep 2003 18:20:13 GMT


"ClareOldie" <no-one@no-where.ie> wrote in
news:CFAdb.33812$pK2.61896@news.indigo.ie:

> Duane Arnold wrote:
>
>> Well,if you're not concerened about outbound protection, then it may
>> be good enough. I looked at Win2k FW and it didn't seem that bad. I
>> just didn't take it further and stuck with the host based FW solution
>> I am using at this time.
>>
>> I keep hearing that if you keep Win2k security patches up to date and
>> remove vulnerable services from the Win2k machine, that's a big part
>> of the protection.
>>
>> From that aspect, I don't see why that Win 2K FW would not portect as
>> well as any other host based FW. That along with a good AV for
>> Trojans, Ad-aware or something similar for spyware, Active Ports and
>> PRCview (both free) keeping an eye on outbound connections.
>>
>> The links may help to further secure your machine.
>>
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;315669
>> http://www.uksecurityonline.com/husdg/windows2000.php
>>
>> HTH
>>
>> Duane :)
> Just a thought - a lot of these procedures are to disable services
> that listen on various ports and may thus be hackable.
> Would it be true to say that if IPSec is used and all these ports are
> blocled then there is no need to go through the hassle of disabling
> these? It seems so to me. If true would it not have been 'sensible' of
> MS to have implementd this by default and thus avoided much of the
> agravation caused by the last lot of attacks as on Port 135? Much more
> secure?
>
> Seán
>
>
>

I my self, have only done a few things suggested by the link. Some things
like using NTFS and setting accounts usage on NTFS properly, done a
couple of things with the registry, discovered the MS Security Analyzer,
and how to lock down IIS. I think I would be doing more, if the machines
were not behind the router with a host based FW on them. To be honest, I
have not done anything to stop any unneeded services or close unneeded
ports at the machine level.

The router and the host based FW are protecting ports and services and
against applications that are allowed to run on the machines or
communicate.

Duane :)



Relevant Pages

  • Re: black ice usage question
    ... The point is with a router already there, all ports are already being ... > With BI set in the Paranoid mode with the 1-65535 rules set, ... > protection for unsolicited inbound traffic to the machine. ...
    (comp.security.firewalls)
  • Re: P4C800ED with 4 gig RAM
    ... claiming Intel was still making 865s, ... have blown motherboards while using the rear USB ports, ... CMOS parts with no protection diodes. ... but in terms of sensitivity, there is no lower limit if a CMOS ...
    (alt.comp.periphs.mainboard.asus)
  • Re: USB hubs
    ... I even found one external hub that committed the old sin of feeding ... likely a lot lower value of protection. ... and that's a horrible choice of materials for preventing ESD ... that one or two ports are blown on it. ...
    (alt.comp.hardware.pc-homebuilt)
  • Re: Win2K FireWall
    ... >> remove vulnerable services from the Win2k machine, ... >> of the protection. ... something like Active Ports etc., ...
    (comp.security.firewalls)
  • Re: Whole house surge suppressors
    ... Communication ports are easily damaged if ports are used beyond their ... Does a surge enter on communication port, damage that port, then stop? ... That is effective protection that can be ...
    (sci.electronics.basics)