Ip filtering


JimK

Does anyone have documentation showing which ports should be opened for a
system having several kinds of servers, including mail, web (2), IAS, and FTP, all
using AD, if I should implement TCP/IP filtering on them?

The TechNet site has a "How To", but I get completely lost trying to figure out
which port is for each system, since they share some functions, like the IAS
machine is also backup DNS. The DNS server is also my backup mail handler. I
am going to have to do this on a live system with approximately 3000
dial-up, 500 wireless and 400 FR/P2P customers.

We have a PIX firewall but there are 3 servers in the dmz because of the
configuration I inherited.

All servers are patched, but we are living on the edge wondering when the
next "big" hole is opened.
 
Hi Jim. You have a fairly complex setup. I would start by mapping exactly
what each of the three servers does in the DMZ and exactly what services they
need to provide to inbound access from the internet and from whom - everybody
or specific addresses [I probably don't need to tell you that]. Running
netstat -an on them will be a start as to what ports are currently being
used [legitimate and possibly malicious]. A firewall is preferable to IP
filtering for a lot of reasons, but I know a lot of places aren't allowed to
spend much these days. Enabling IP filtering requires a reboot. IPsec
filtering as an alternative does not and can also block outbound access
[still not as good as a firewall]. You may want to enlist professional help
since you cannot afford a lot of downtime. --- Steve

http://www.microsoft.com/WINDOWS2000/techinfo/reskit/samplechapters/cnfc/cnfc_por_simw.as
http://tinyurl.com/kn7y --- Common Windows Ports.
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q289241
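
The mapping step Steve describes (list what each server should offer, then compare it with `netstat -an`), as an added example that is not part of the original thread. The sample output, the addresses and the intended-service list for a DNS plus backup-mail server are constructed assumptions.

```python
# Added example: inventory listeners from Windows `netstat -an` output and
# compare them with the services a server is meant to offer to the internet.

# Constructed sample output for a hypothetical DNS + backup-mail server.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:53             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8081           0.0.0.0:0              LISTENING
  TCP    192.0.2.10:25          198.51.100.7:4312      ESTABLISHED
  UDP    0.0.0.0:53             *:*
  UDP    127.0.0.1:1050         *:*
"""

# Assumption: what this server should offer inbound (SMTP, DNS over TCP and UDP).
INTENDED = {("TCP", 25), ("TCP", 53), ("UDP", 53)}


def listening_sockets(netstat_text):
    """Return {(proto, local_address, port)} for every listener in the output."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue
        # TCP rows count only in LISTENING state; UDP rows have no state column.
        if fields[0] == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        addr, _, port = fields[1].rpartition(":")  # rpartition copes with [::]:80
        if port.isdigit():
            found.add((fields[0], addr, int(port)))
    return found


def review(netstat_text, intended):
    """Sort non-loopback listeners into allow / investigate, plus missing services."""
    exposed = {(proto, port) for proto, addr, port in listening_sockets(netstat_text)
               if not addr.startswith("127.") and addr != "[::1]"}
    return {
        "allow": sorted(exposed & intended),        # permit in the filter
        "investigate": sorted(exposed - intended),  # identify, then block or disable
        "missing": sorted(intended - exposed),      # planned service not running
    }


if __name__ == "__main__":
    for bucket, ports in review(SAMPLE_NETSTAT, INTENDED).items():
        print(bucket, ports)
```

Ports that land in "investigate" are listeners the filter would cut off, so each one needs an owner identified before filtering goes live on a production server.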
 