Re: Easy way to block specific ports Windows 2000 Server



No, Windows 2000 does not have VNC built in. It was somehow installed on your
server. Checking the time that the folder was created and the owner of that
folder may give you a clue as to what happened, and I would seriously
consider rebuilding the server operating system if there is no good
explanation, as who knows what else is installed on the server copying
keystrokes, etc. A perimeter firewall is your best first line of defense,
particularly one that has a default block-all rule for inbound and outbound
and you define the authorized exceptions. Yes, an IPsec filtering policy can
be used to manage port access as an additional layer of defense, but it was
not really meant to replace a real firewall and lacks any meaningful logging,
particularly in Windows 2000. For Windows 2000, be sure to also run the
IISLockdown/URLscan tool from Microsoft on your server if you have not
done so, since it is a web server, assuming you are describing inbound ports
you want to manage in your list. Running the MBSA tool would also be a great
idea to check for basic server security configuration, and be sure to
regularly check your security log via Event Viewer for any suspicious
activity. The links below may help. --- Steve

http://www.securityfocus.com/infocus/1559 --- example of ipsec filter
policy. Be sure to get the source and destinations right.
http://www.microsoft.com/technet/security/tools/mbsahome.mspx --- MBSA
http://www.microsoft.com/technet/security/tools/locktool.mspx --- IIS
Lockdown tool
http://www.microsoft.com/technet/security/topics/serversecurity/avdind_4.mspx
--- this chapter can help show you how to check for and track down
malicious activity.

"Zoom" <Zoom@xxxxxxxx> wrote in message
news:_I6dnQFMX988MwPZnZ2dnUVZ_sCdnZ2d@xxxxxxxxxxxxxx
Hi,

We recently had our Windows 2000 Server hacked via VNC. I was wondering if
any experts could provide advice on the following. Forgive my naive
understanding of this process.

(1) How does one get access via VNC? Does one need to have a VNC Server on
the server end or does Windows 2000 have an inherent VNC built in?

(2) We were thinking of blocking all ports except 80, 8080, 443, 3389 (for
remote desktop), 5631 (for PcAnywhere), 21 and 25. Is this a reasonable
approach? I saw a few articles on using IPsec to do this but I can't find
any straightforward instructions how to block specific ports. Can anyone
provide any instructions / links to articles that show how to do this?

Thanks for any help anyone can provide,

Zoom
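Added example, not part of either post above: before writing an allow-list firewall or IPsec policy, it helps to compare the ports you intend to permit against what the host is actually listening on, so that stray services (such as the VNC listener on 5900 that started this thread) stand out and allowances for nothing-listening ports can be dropped. The script parses `netstat -an` text; the sample output below is constructed, not a capture from the poster's server.

```python
import re

# Inbound TCP ports the original poster intends to allow (taken from the question).
ALLOWED_TCP_PORTS = {80, 8080, 443, 3389, 5631, 21, 25}

# Constructed sample of `netstat -an` output on a Windows 2000 host (not a real capture).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:80        10.0.0.5:4012          ESTABLISHED
  UDP    0.0.0.0:161            *:*
"""

# Matches only TCP sockets in LISTENING state: "TCP <addr>:<port> <foreign> LISTENING".
LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$")


def listening_tcp_ports(netstat_output):
    """Return the set of TCP ports in LISTENING state from `netstat -an` text."""
    ports = set()
    for line in netstat_output.splitlines():
        m = LISTEN_RE.match(line)
        if m:
            ports.add(int(m.group(2)))
    return ports


def unexpected_listeners(netstat_output, allowed=ALLOWED_TCP_PORTS):
    """Ports the host listens on that are NOT in the intended allow list (investigate these)."""
    return sorted(listening_tcp_ports(netstat_output) - set(allowed))


def unused_allowances(netstat_output, allowed=ALLOWED_TCP_PORTS):
    """Allowed ports with no listener behind them (candidates to drop from the policy)."""
    return sorted(set(allowed) - listening_tcp_ports(netstat_output))


if __name__ == "__main__":
    for port in unexpected_listeners(SAMPLE_NETSTAT):
        print("unexpected TCP listener on port %d" % port)
    for port in unused_allowances(SAMPLE_NETSTAT):
        print("allowed but nothing listening on port %d" % port)
```

On the sample this flags 135, 445 and 5900 as unexpected listeners and 443, 5631 and 8080 as allowances with nothing behind them; on a real host, run `netstat -an` and feed its output to the two functions.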
