RE:IP Security in a stand alone Win2003 Standart Server

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 04/08/05


Date: Fri, 8 Apr 2005 10:48:46 -0500

Nbtstat is used for netbios name resolution functions. Netstat is used for
tcp/ip. Netstat may show a lot of ports open or being used but that is not a
test of the firewall. To test a firewall you need to scan the firewall from
outside of it. A firewall can block access to ports listening on your
computer as shown by netstat. You should however evaluate the ports that are
listening and disable the associated services if they are not needed. ---
Steve

Reply to:

The firewall looks full of holes because nbtstat shows me that!

Witch software I need to use to test the IP opened ports ?

"Steven L Umbach" <n9rou@nospam-comcast.net> escreveu na mensagem
news:OA$mIo$OFHA.508@TK2MSFTNGP12.phx.gbl...
> Why would the firewall look full of holes beyond the exceptions you have
> configured?? You can use ipsec filtering policy but you would have to open
> the same ports and though ipsec can manage outbound access also it is not
> stateful. Ipsec is recommended being used in addition to the Windows
> Firewall which has been enhanced in SP1 to be like the XP Pro Windows
> Firewall where you can configure the scope of an exception to allow access
> from only certain IP or subnet. You can use a software program like the
> free
> Superscan 4 from Foundstone to test your firewall or use one of the free
> self scan sites to evaluate your firewall protection. Note that you do not
> need to allow dns access to the web server unless it also is a dns server.
> The same goes for mail - POP and SMTP. The links below may help. FYI do
> not
> digitally sign newsgroup posts. --- Steve
>
> http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/proddesc/superscan4.htm
> -- Superscan4
> http://www.securityfocus.com/infocus/1559 --- ipsec filtering.
>
> REPLY to:
>
> I have a server with Windows 2003 Standart version.
> It's a Web server and I do not have a firewall (hardware neither
> software).
> I just want to close ALL the TCP and UDP doors minus:
> - TCP 80;
> - TCP 3389;
> - TCP 53;
> - UDP 53;
> - TCP 110;
> - TCP 21;
> - TCP 25.
>
> I did all the configurations in Windows Firewall but the security is
> terrible. Looks like a cheese full of holes.
> Mine other option are the IP filters inside IPSec policy. Does it work?
>
> And the other question are... does anybody know a free software that tests
> all the opened IP ports?
>
> tks.
>
> Carlos Barini.
>



Relevant Pages

  • Re: ISA2004 SP2: EventID 14148
    ... No firewall is active on the Cisco and all ports are passed through. ... Most likely it is IIS. ... are no thing different for web server publishing and IIS. ...
    (microsoft.public.isa.configuration)
  • Re: Webserver, DMZ, ports questions
    ... Internet accesible services like SMTP have a seperate ... DMZ or a third interface in the firewall. ... As far as source / destination ports goes. ... from the internet to my web server, ...
    (Focus-Microsoft)
  • Re: Root exploit for FreeBSD
    ... for two ports to my FreeBSD portscluster nodes. ... and it gives the firewall ... US this is also quite common, at least with regards to University ... if your computer is going to connect on our network it must be configured in certain ways and behave "normally" or you won't get a connection. ...
    (freebsd-questions)
  • Re: Root exploit for FreeBSD
    ... for two ports to my FreeBSD portscluster nodes. ... and it gives the firewall ... US this is also quite common, at least with regards to University ... if your computer is going to connect on our network it must be configured in certain ways and behave "normally" or you won't get a connection. ...
    (freebsd-current)
  • Re: Trouble accessing Outlook Web Access from behind firewall
    ... When starting the firewall I also set ... > rejected and dropped packets are logged, however I see nothing in my log ... > # Higher ports needed to accept incoming/outgoing calls ...
    (comp.security.firewalls)