Re: Easy way to block specific ports Windows 2000 Server
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Sun, 25 Jun 2006 09:15:29 -0700
"Zoom" <Zoom@xxxxxxxx> wrote in message
news:_I6dnQFMX988MwPZnZ2dnUVZ_sCdnZ2d@xxxxxxxxxxxxxx
> Hi,
> We recently had our Windows 2000 Server hacked via VNC. I was wondering if
> any experts could provide advice on the following. Forgive my naive
> understanding of this process.
> (1) How does one get access via VNC? Does one need to have a VNC Server on
> the server end or does Windows 2000 have an inherent VNC built in?

Access must first be obtained sufficient to allow install of the software
that will listen for connections.

> (2) We were thinking of blocking all ports except 80,8080,443, 3389 (for
> remote desktop), 5631 (For PcAnywhere), 21 and 25. Is this a reasonable
> approach?

It is reasonable to limit a machine's exposure to the network, so that
only what is a defined need is allowed. For example, tcp 3389 for only
a specific set of IPs, etc. Personally I do not see a need for PcAnywhere,
and believe that running either telnet or ftp in the forms supplied with
Windows server (outside of an encrypted IPsec connection) is one way
to ask for trouble.

> I saw a few articles on using IPsec to do this but I can't find
> any straightforward instructions how to block specific ports. Can anyone
> provide any instructions / links to articles that show how to do this?

As you are on W2k you should be aware of the predefined exceptions
in the W2k IPsec filtering that exist in order to allow initial Kerberos IKE
negotiation and the ways to tighten in this regard.
http://support.microsoft.com/kb/811832/en-us
As you have not indicated the nature of the needed connections, whether
with known machines, etc. all in domain or not, etc. there are many unknowns
that would impact the types of use you could make of IPsec.
http://support.microsoft.com/kb/313190/en-us
http://support.microsoft.com/kb/813878/en-us
might be a starting point for you
http://www.microsoft.com/technet/itsolutions/network/ipsec/default.mspx
keys you into some of the MS public doc on use of IPsec
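
The reply to question (1) says access requires software on the server that listens for connections; one way to check that against the port list proposed in question (2) is to audit what is actually listening. This is an added example, not part of the original post: the sample `netstat -an` output, the function name and the use of the poster's list as the policy are assumptions made for illustration.

```python
import re

# TCP ports the original poster proposed leaving open (taken from the thread).
ALLOWED_TCP = {21, 25, 80, 443, 3389, 5631, 8080}

# Constructed sample of `netstat -an` output; not captured from a real host.
# 5900 is the default VNC port.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1433         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:3389        198.51.100.7:49211     ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

# Matches only TCP rows in the LISTENING state; captures local address and port.
LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$")


def unexpected_listeners(netstat_text, allowed=ALLOWED_TCP):
    """Return sorted (address, port) pairs listening on TCP outside `allowed`.

    Loopback-only listeners are skipped because they cannot be reached
    from the network.
    """
    found = set()
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if not m:
            continue  # header, UDP row, or a connection that is not a listener
        addr, port = m.group(1), int(m.group(2))
        if addr.startswith("127.") or addr == "[::1]":
            continue
        if port not in allowed:
            found.add((addr, port))
    return sorted(found, key=lambda item: (item[1], item[0]))


if __name__ == "__main__":
    for addr, port in unexpected_listeners(SAMPLE_NETSTAT):
        print(f"unexpected listener: {addr}:{port}/tcp")
```

Any port reported here is either a service to remove or a candidate for a block filter; an empty result only means nothing unexpected is listening at the moment the output was taken.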