IPSEC

  • Thread starter: Misaro

Misaro

Hi, I don't have enough experience working with IPSec, but
I'm trying to set IP filters on critical ports over my
database. I was reading that I can create a .bat to
run all the filters in one shot.

Do you know where I can find a list of Microsoft's
critical ports to be opened or closed exactly? I've been
trying, but I haven't found it yet.

Thanks beforehand for your help ...
 
http://www.microsoft.com/serviceproviders/columns/config_ipsec_P63623.asp

Steve's suggestions above are excellent -- here's another good one.

I am working on a Perl program to generate my IPSecPol batch file -- it's
not quite production quality (I must review and sometimes tweak the output
before running it) and it contains some limited proprietary information that
I am willing to share with you but don't wish to post in a public
newsgroup....

Email is fine if you are interested.

You will want a copy of the IANA port number assignments (text):
ftp://ftp.iana.org/assignments/port-numbers (searching for microsoft.com,
ms-, and netbios finds a bunch of things.)

Steve Gibson's https://NanoProbe.GRC.com and his older "Shields UP"
(they're different pages) offer scans focused on MS resources and discussion.
You can learn a lot visiting the SCAN websites that check your
configuration.
doesn't distinguish CLOSED from STEALTH)


Link to MS networking topics
http://www.hojmark.net/applications.html#win

Odds and ends follow (don't expect full sentences or any structure):
=========================
The following Trojans use these ports:
SubSeven: 27374
NetBus: 12345
SubSeven: 1243
Back Orifice: 31337
BioNet: 12348

=========================
MSN Messenger
http://www.microsoft.com/windowsxp/pro/techinfo/deployment/natfw/default.asp
To configure your network for voice communications and file transfer:
Open outgoing TCP connections to port 1863 on your proxy servers.

For voice communications, an outgoing TCP connection is established from
port 6901 for all voice communications.
In the case of computer-to-computer communications, the call recipient
also uses TCP port 6901.
In the case of computer-to-phone communications, the TCP destination
(Net2Phone) port is between 7801 and 7825.
All voice traffic also uses UDP packets. The user's computer sends
and receives UDP packets at port 6901.
The Net2Phone service sends and receives UDP packets using ports 6801,
6901, and 2001 to 2120.
For file transfer, both incoming and outgoing TCP connections use this range
of ports: 6891 to 6900.
This allows up to 10 simultaneous file transfers per sender. If you open
only port 6891, users will be able to do only one file transfer at a time.

=========================
The link to the first article may help. It talks about ports/protocols
that need to be available to domain computers - not the internet. However,
IPSec is usually configured to block all IP traffic, then permit rules are added for
the LAN and for needed outbound ports such as mail, http/80, https/443, and dns/53.
If any services are provided for access from the internet, then inbound permit rules
will need to be configured for them, like web server port 80, etc.
Also go to TechNet security, where there are examples of how to secure specific
server roles/applications. --- Steve
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/default.asp
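The block-everything-then-permit layout Steve describes, written as a small Python generator for an IPSecPol batch file. This is an added example, not the Perl generator mentioned earlier in the thread or anything posted by its authors; the ipsecpol filter syntax, the policy name, the LAN subnet and the port list are all assumptions to check against the tool's own help output.

```python
"""Generate an ipsecpol batch file for the default-deny layout from the
thread: block everything, then permit the LAN, a few outbound services and
whatever inbound services this host provides.  Assumed ipsecpol filter
syntax: SRC[:PORT]=DST[:PORT][:PROTO], '+' instead of '=' for a mirrored
filter, '0' for this host, '*' for any address.  Verify before running."""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class Rule:
    name: str    # -r rule name
    spec: str    # -f filter spec
    action: str  # -n negotiation: BLOCK or PASS


def block_all() -> Rule:
    # Mirrored catch-all from this host to any address, all protocols.
    return Rule("Block all", "0+*", "BLOCK")


def permit_lan(subnet: str, mask: str) -> Rule:
    return Rule(f"Permit LAN {subnet}", f"0+{subnet}/{mask}", "PASS")


def permit_outbound(port: int, proto: str) -> Rule:
    # Any local port to the remote service port; mirrored so replies return.
    return Rule(f"Permit outbound {proto} {port}", f"0+*:{port}:{proto}", "PASS")


def permit_inbound(port: int, proto: str) -> Rule:
    # Any remote host to this host's service port, mirrored for the replies.
    return Rule(f"Permit inbound {proto} {port}", f"*+0:{port}:{proto}", "PASS")


def ipsecpol_line(policy: str, rule: Rule) -> str:
    # -w REG writes a persistent (static) policy; one rule per invocation.
    return (f'ipsecpol -w REG -p "{policy}" -r "{rule.name}" '
            f'-f {rule.spec} -n {rule.action}')


def build_batch(policy: str, lan: Tuple[str, str],
                outbound: List[Tuple[int, str]],
                inbound: List[Tuple[int, str]]) -> List[str]:
    # IPSec applies the most specific matching filter, so the narrow PASS
    # rules win over the catch-all BLOCK regardless of the order written.
    rules = [block_all(), permit_lan(*lan)]
    rules += [permit_outbound(p, pr) for p, pr in outbound]
    rules += [permit_inbound(p, pr) for p, pr in inbound]
    lines = ["@echo off"] + [ipsecpol_line(policy, r) for r in rules]
    lines.append(f'ipsecpol -w REG -p "{policy}" -x')  # -x assigns the policy
    return lines


if __name__ == "__main__":
    # Constructed sample: a web server on a 192.168.1.0/24 LAN.
    batch = build_batch("Lockdown", ("192.168.1.0", "255.255.255.0"),
                        [(25, "TCP"), (80, "TCP"), (443, "TCP"),
                         (53, "TCP"), (53, "UDP")], [(80, "TCP")])
    print("\r\n".join(batch))
```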
 
Here's another one with a couple of port entries that aren't
discussed quite the same way elsewhere (not a big difference,
just a few snippets of port info):
 