Port and File-Blocking Best Practices
From: Dave (anonymous_at_discussions.microsoft.com)
Date: 03/04/05
- Next message: Desmond Lee: "Re: Password policy"
- Previous message: wlapp: "Login for Windows 2000 Professional issue"
- Next in thread: Desmond Lee: "RE: Port and File-Blocking Best Practices"
- Reply: Desmond Lee: "RE: Port and File-Blocking Best Practices"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 3 Mar 2005 16:50:46 -0800
Hi All,
Does there exist anywhere a list of port- and file-blocking
"best practices" for use with intrusion
detection/prevention apps running on Windows 2000?
I recently purchased McAfee VirusScan Enterprise and am
very pleased with the ease by which I can block ports to
all but trusted/specified apps and also block or log access
to sensitive files and directories. I imagine that other
apps are similarly convenient to setup and use (compared to
the obnoxiously cryptic Event Viewer auditing).
But the sample rules have only whetted my appetite. For
example, changes to various filetypes are logged, including
EXE, DLL, PIF and SCR. Likewise, web downloads (port 80)
are restricted to all but iexplore.exe, etc. I know there
are plenty of other file extensions and rules to use with
such apps.
Does a list of "best practices" exist?
Any advice is appreciated.
- Next message: Desmond Lee: "Re: Password policy"
- Previous message: wlapp: "Login for Windows 2000 Professional issue"
- Next in thread: Desmond Lee: "RE: Port and File-Blocking Best Practices"
- Reply: Desmond Lee: "RE: Port and File-Blocking Best Practices"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
