Port Restriction without firewall

  • Thread starter Thread starter Alpago_microsoft addictive
  • Start date Start date
A

Alpago_microsoft addictive

Hi to everyone!

My Friends I have a problem with tcp/ip connection using some ports...I
wanna limit or disable these ports without the power of firewall...Why I
wanna choose this problem is that in our company domain users can disable
firewall and it does not work unfortunately... Maybe a solution with a
registry script can limit the specified ports..may distribute these script
within the group policy and solve the problem as well...is there any script
there or any other solution..?Please help!This is important for our company
because something may happen against law because of some using web-tunnel
programming using some ports....
Thanks for your help by now....
 
From: "Alpago_microsoft addictive" <[email protected]>

| Hi to everyone!

| My Friends I have a problem with tcp/ip connection using some ports...I
| wanna limit or disable these ports without the power of firewall...Why I
| wanna choose this problem is that in our company domain users can disable
| firewall and it does not work unfortunately... Maybe a solution with a
| registry script can limit the specified ports..may distribute these script
| within the group policy and solve the problem as well...is there any script
| there or any other solution..?Please help!This is important for our company
| because something may happen against law because of some using web-tunnel
| programming using some ports....
| Thanks for your help by now....

Then use a FirewWall Appliance.
 
Alpago_microsoft addictive said:
Hi to everyone!

My Friends I have a problem with tcp/ip connection using some ports...I
wanna limit or disable these ports without the power of firewall...Why I
wanna choose this problem is that in our company domain users can disable
firewall and it does not work unfortunately... Maybe a solution with a
registry script can limit the specified ports..may distribute these script
within the group policy and solve the problem as well...is there any
script there or any other solution..?Please help!This is important for our
company because something may happen against law because of some using
web-tunnel programming using some ports....
Thanks for your help by now....
Click to expand...

It makes absolutely no sense to me that your domain users can turn off the
firewall. This is the part you need to fix. If you really can't do this
(and why ever not?!), then restrict the ports on your router. Even simple
consumer-level routers will let you do this. If this is what you're using
for your company, consider purchasing better edge security. Sonicwall makes
very good products.

Malke
 
Hi to everyone!
My Friends I have a problem with tcp/ip connection using some
ports...I wanna limit or disable these ports without the power of
firewall...Why I wanna choose this problem is that in our company
domain users can disable firewall and it does not work
unfortunately... Maybe a solution with a registry script can limit
the specified ports..may distribute these script within the group
policy and solve the problem as well...is there any script there or
any other solution..?Please help!This is important for our company
because something may happen against law because of some using
web-tunnel programming using some ports....
Thanks for your help by now....
Click to expand...

Are those users on admin accounts? If so, that needs to be taken care
of first, and quickly. Make them Power Users, limited users, whatever,
but take away full Admin priviledges. I'm no guru by any means on domain
setups, but:

Why not set their accesses/permissions so they cannot turn off the
firewall? Or even make the firewall its own user. You give little
information, but allowing users to control the firewall seems like a
very bad decision easily fixed, to me. I think the way you're going
about it is nothing but a bandaid waiting for a work-around.

In addition, since it's a "company", a stated and distributed policy
should make it a fire-able offense for messing with ANY of the company's
computers and settings, and same should be enforced. So ... IMO,
-- do the policy thing
-- repair the firewall if it needs repair
-- Adjust user access & permissions to they cannot do that.
-- Think about what else they can hack easily, make the adjustments,
implement them, then re-issue the policy accordingly and continue to
enforce it.

Employees who violate company rules should not be employees. But don't
be an A-hole about it; be reasonable, be public with your reasons for
the changes, & don't use any names in public. Secure everything that is
critical.

Just my 2 ¢
 
Actually you are wright but firewall enabled(windows xp firewall) users can
also use the application (web-tunnel program) and may access the sites
against the law...may be there is a method or something else maybe it is
possible not to listen to anything on the loopback(localhost:127.0.0.1) May
we prevent localhost to listening ports?If it is so, the problem will
disapper at least I hope :)
Thanks for your answers by now....
 
Alpago_microsoft addictive said:
Actually you are wright but firewall enabled(windows xp firewall) users
can also use the application (web-tunnel program) and may access the sites
against the law...may be there is a method or something else maybe it is
possible not to listen to anything on the loopback(localhost:127.0.0.1)
May we prevent localhost to listening ports?If it is so, the problem will
disapper at least I hope :)
Thanks for your answers by now....
Click to expand...

You've already gotten answers. If you've made the mistake of setting your
users up as administrators, you need to change them to standard users.
Standard users cannot install programs and cannot change firewall settings.

You can manage ports from your router. You can purchase a firewall appliance
like the ones from Sonicwall (just as an example).

There really is nothing further to say on the subject. If you can't figure
out how to do this - and we all have our areas of expertise - then hire a
professional computer consultant who can set you up securely and properly.

EOT for me.

Malke
 
Back
Top