Posted by Steven L Umbach on June 27, 2005, 11:35 pm
First off, a firewall should be used at the perimeter to protect your network
from unwanted access. Beyond that you can either close ports by disabling
the service or application that uses them or block them with a host based
firewall. You can use free utilities like TCPView and Process Explorer from
SysInternals to find what application or service is using a particular port.
The commands netstat -ano, netstat -anb, and tasklist /svc will also be
helpful in seeing what executables and process IDs are associated with a
port. Tasklist /svc will show what services are associated with an instance
of svchost. Ipsec policy can also be used to restrict access to ports on a
computer with either an ipsec filtering policy or with an ipsec negotiation
policy that requires computer authentication before access is allowed to a
computer on the ports restricted by ipsec.
http://www.microsoft.com/windowsserver2003/technologies/networking/ipsec/default.mspx
--- Windows 2003 ipsec
Use the free tool Microsoft Baseline Security Analyzer to check for
vulnerabilities on your computer including services that may not be needed.
The Windows 2003 Server Security Guide also has excellent information on
what services should be enabled on servers by role and also recommendations
for ipsec filtering policy. If you are using SP1 you can take advantage of
the Security Configuration Wizard as shown in the first link below to help
configure your servers with only the needed services and to implement an
ipsec filtering policy. --- Steve
http://www.microsoft.com/windowsserver2003/technologies/security/configwiz/default.mspx
http://www.microsoft.com/technet/security/tools/mbsahome.mspx --- MBSA
http://support.microsoft.com/default.aspx?scid=kb;en-us;832017 --- Windows
Server ports
http://www.microsoft.com/technet/security/prodtech/windowsserver2003.mspx
--- TechNet Security for windows 2003
> Hello,
>
> I just started testing GFI LANguard and did a scan on some computers
> and I am noticing open ports and ones that are not mentioned in NetStat.
>
> What I am wondering is how can I stealth ports or at least close them?
> Also, I know of some sites that tell port numbers but they are generic.
> Are there any that are specific to Windows?
>
> I want to make sure I don't turn the wrong things off, since some of
> these systems are DCs and other servers.
> --
> Thank you,
>
> TC
>
> Please reply to the newsgroup so we can all learn from others.
> Thanks.
>
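The port-to-service lookup described in the reply above (netstat -ano joined with tasklist /svc by process ID), as an added example that is not part of the original thread. It assumes PowerShell 3.0 or later and an English-language Windows where netstat prints the state "LISTENING"; the variable and column names are chosen here for illustration.

```powershell
# Added example: list listening TCP ports and bound UDP ports together with the
# owning process and, for svchost instances, the services hosted in that process.

# PID -> image name and services, taken from "tasklist /svc" in CSV form.
$procs = @{}
tasklist /svc /fo csv /nh |
    ConvertFrom-Csv -Header Image, ProcId, Services |
    ForEach-Object { $procs[$_.ProcId] = $_ }

$rows = foreach ($line in (netstat -ano)) {
    $f = $line.Trim() -split '\s+'
    if ($f[0] -notin 'TCP', 'UDP') { continue }      # skip banner, header and blank lines

    # TCP rows: Proto, Local, Foreign, State, PID. UDP rows have no State column.
    if ($f[0] -eq 'TCP' -and $f[3] -ne 'LISTENING') { continue }

    $local  = $f[1]
    $colon  = $local.LastIndexOf(':')                # last colon also handles [::]:135
    $procId = $f[-1]                                 # PID is always the last column
    $p      = $procs[$procId]

    [pscustomobject]@{
        Proto    = $f[0]
        Address  = $local.Substring(0, $colon)
        Port     = [int]$local.Substring($colon + 1)
        PID      = $procId
        Image    = if ($p) { $p.Image } else { '(no longer running)' }
        Services = if ($p) { $p.Services } else { '' }
    }
}

# One row per listener, ordered so that the same port on several addresses is adjacent.
$rows | Sort-Object Proto, Port, Address | Format-Table -AutoSize
```

A row whose Services column reads N/A belongs to an ordinary application rather than a Windows service, which tells you whether the port is closed by stopping a service or by changing the application.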