Through the operating system, ports are open and closed by enabling or
disabling the corresponding service/application. Using netstat -an will
give you an idea what ports are listening or connected. However many of the
necessary ports needed for a functional network are the ones vulnerable to
untrusted networks, such as file and print sharing. The only way to protect
the network is with a firewall or some sort of port filtering [a distant
second alternative]. Every computer should have the minimum services
necessary to be functional. Microsoft Baseline Security Analyzer can help
with that. For instance, every installation of W2K server also has IIS up
and running on it! However do not start disabling services unless you know
which ones should NOT be disabled. As disabling the wrong service can cause
you a lot of grief . Technet Security site will help you lock down your
servers, but you really need a firewall - not on each server, but at least
at the network perimiter. Also read the Windows 2000 Security Hardening
Guide. --- Steve
http://support.microsoft.com/default.aspx?kbid=320454
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
http://securityadmin.info/faq.asp#harden -- From FAQ.
http://www.eweek.com/article2/0,4149,1239473,00.asp --- Link to Windows
2000 Security HG