Re: TCP/IP Protocol Filter


From: Marin Marinov (mlmarinov_at_askme.ca)
Date: 04/18/04


Date: Sun, 18 Apr 2004 16:20:15 -0400

In article <6CC20CFB-D223-4ADF-8F01-942D8FCED970@microsoft.com>,
anonymous@discussions.microsoft.com says...
> What is the best way to keep my server security tight: use a firewall or simply select some ports, like 21, 80, 110 and a few to keep my services running? Filter my net adapter, enabling the option TCP/IP filtering... thanks
>
Depends on what you'll use it for and how secure you need it to be ;) A
general answer to your specific question, but nonetheless: the best
approach is to initially close everything and then open only the ports
for the services that need to communicate. Of course, this is far from
enough, a few points to also keep in mind are:
1) traffic travels in clear text (most of the time)
2) you can't inspect traffic contents unless you use specific software
3) you have no guarantee for authenticity unless you use a protocol that
will give you this
4) you're in no way protected against intrusions and all sorts of
attacks unless you implement intrusion detection
5) Higher security = harder management = more user unfriendly ;)

As for the port closing part - you can use filtering (btw, RRAS gives
you greater control on those) or IPSec. It doesn't hurt to also have a
firewall but a general rule is to have as few ports open as possible and
have multiple layers of protection. It really depends on the specific
scenario - generally you don't put firewalls before intranet servers ;)

HTH

-- 
Cheers,
   Marin Marinov
   MCT,MCSE 2003,MCSE:Security 2003
-
This posting is provided "AS IS" with no warranties, and confers no 
rights.
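
Added example, not part of the original post: a Python check for the "close everything, then open only what is needed" approach. It parses `netstat -ano` output and reports network-reachable listeners that the allowlist does not cover. The sample output is constructed, the allowlist is the ports named in the question, and the empty UDP allowlist is an assumption.

```python
ALLOWED_TCP = frozenset({21, 80, 110})  # ports named in the question (assumed allowlist)
ALLOWED_UDP = frozenset()               # assumption: no UDP service should be exposed
LOOPBACK = ("127.", "[::1]")

# Constructed sample of Windows `netstat -ano` output (not taken from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       1432
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING       2044
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:80        10.0.0.5:51234         ESTABLISHED     4
  UDP    0.0.0.0:445            *:*                                    4
  UDP    192.168.1.10:137       *:*                                    4
"""


def parse_listeners(text):
    """Yield (proto, address, port, pid) for TCP LISTENING and bound UDP sockets."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header, or blank line
        if fields[0] == "TCP" and fields[3] != "LISTENING":
            continue  # established/closing connections are not listeners
        addr, _, port = fields[1].rpartition(":")  # also splits "[::]:80" correctly
        yield fields[0], addr, int(port), int(fields[-1])


def audit(text, allowed_tcp=ALLOWED_TCP, allowed_udp=ALLOWED_UDP):
    """Return network-reachable listeners that the allowlist does not cover."""
    findings = []
    for proto, addr, port, pid in parse_listeners(text):
        if addr.startswith(LOOPBACK):
            continue  # loopback-only sockets are not reachable from the network
        allowed = allowed_tcp if proto == "TCP" else allowed_udp
        if port not in allowed:
            findings.append((proto, addr, port, pid))
    return sorted(findings, key=lambda f: (f[0], f[2], f[1]))


def unused_allowances(text, allowed_tcp=ALLOWED_TCP):
    """Allowlisted TCP ports with no listener: openings that can be closed again."""
    listening = {p for proto, _, p, _ in parse_listeners(text) if proto == "TCP"}
    return sorted(allowed_tcp - listening)
```

Each finding is either a service to stop or a port the filter must keep blocking; a port returned by `unused_allowances` is an opening that no service currently needs.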

