RE: IP Security in a stand alone Win2003 Standard Server
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: Fri, 8 Apr 2005 10:48:46 -0500
Nbtstat is used for netbios name resolution functions. Netstat is used for
tcp/ip. Netstat may show a lot of ports open or being used but that is not a
test of the firewall. To test a firewall you need to scan the firewall from
outside of it. A firewall can block access to ports listening on your
computer as shown by netstat. You should however evaluate the ports that are
listening and disable the associated services if they are not needed.
---
The firewall looks full of holes because nbtstat shows me that!
Which software do I need to use to test the IP opened ports?
"Steven L Umbach" <email@example.com> wrote in message
> Why would the firewall look full of holes beyond the exceptions you have
> configured?? You can use ipsec filtering policy but you would have to open
> the same ports and though ipsec can manage outbound access also it is not
> stateful. Ipsec is recommended being used in addition to the Windows
> Firewall which has been enhanced in SP1 to be like the XP Pro Windows
> Firewall where you can configure the scope of an exception to allow access
> from only certain IP or subnet. You can use a software program like the
> Superscan 4 from Foundstone to test your firewall or use one of the free
> self scan sites to evaluate your firewall protection. Note that you do not
> need to allow dns access to the web server unless it also is a dns server.
> The same goes for mail - POP and SMTP. The links below may help. FYI do
> digitally sign newsgroup posts. --- Steve
> -- Superscan4
> http://www.securityfocus.com/infocus/1559 --- ipsec filtering.
> REPLY to:
> I have a server with Windows 2003 Standard version.
> It's a Web server and I do not have a firewall (hardware neither
> I just want to close ALL the TCP and UDP doors minus:
> - TCP 80;
> - TCP 3389;
> - TCP 53;
> - UDP 53;
> - TCP 110;
> - TCP 21;
> - TCP 25.
> I did all the configurations in Windows Firewall but the security is
> terrible. Looks like a cheese full of holes.
> My other option is the IP filters inside IPSec policy. Does it work?
> And the other question is... does anybody know a free software that tests
> all the opened IP ports?
> Carlos Barini.
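
The advice above to evaluate the listening ports and disable unneeded services can be scripted. The following is an added example, not part of the original thread: it parses `netstat -an` output and compares the listeners with the exception list from the original question. The sample output and its addresses are constructed, and the bucket names are this example's own. As the reply notes, this says nothing about what the firewall blocks; that still needs a scan from outside.

```python
import re

# Exceptions the original poster wants reachable (taken from the thread).
ALLOWED = {("TCP", 80), ("TCP", 3389), ("TCP", 53), ("UDP", 53),
           ("TCP", 110), ("TCP", 21), ("TCP", 25)}

# Constructed sample of Windows `netstat -an` output (not from the thread).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:139         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:80          198.51.100.7:51234     ESTABLISHED
  UDP    0.0.0.0:53             *:*
  UDP    192.0.2.10:137         *:*
"""

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s*(\S*)\s*$")

def listeners(netstat_text):
    """Return sorted (proto, address, port) for listening TCP and bound UDP sockets."""
    found = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        # TCP rows count only in LISTENING state; UDP rows have no state column.
        if m and (m.group(1) == "UDP" or m.group(5) == "LISTENING"):
            found.add((m.group(1), m.group(2).strip("[]"), int(m.group(3))))
    return sorted(found)

def audit(netstat_text, allowed=ALLOWED):
    """Sort listeners into expected, loopback-only, and needs-review buckets."""
    report = {"expected": [], "loopback_only": [], "review": []}
    for proto, addr, port in listeners(netstat_text):
        if addr.startswith("127.") or addr == "::1":
            bucket = "loopback_only"   # not reachable from other hosts
        elif (proto, port) in allowed:
            bucket = "expected"        # matches an intended exception
        else:
            bucket = "review"          # candidate service to disable if unneeded
        report[bucket].append((proto, port))
    return report

if __name__ == "__main__":
    for bucket, items in audit(SAMPLE).items():
        print(f"{bucket}: {items}")
```

On the server itself, save the output of `netstat -an` to a file and pass its contents to `audit()` in place of `SAMPLE`.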