Ports Open PLEASE!!!!

[Santos Gómez]

Hi...

Before start i want to thanks all of you for trying to help...

I have a W2K server as a PDC and have no Firewall.. i´m trying to configure
IpSecure and IpFilter.. but.... Which ports do i have to let
open????????????? Which TCP and UDP?? I need to use IIS and Terminal
Services because we use a program called CITRIX which let us share an
application in the Internet... How do i know what port is using any
aplication and How do i know which services are the Hacker´s services??

Please help me.. i´m figthing with this for a month... The company have no
money to buy a FireWall so i have to do the best with this..

Yesterday a Hacker installed a remote control program and deleted really
important info..

Please help me.. and thanx again..

 

[Guest]

An easy way to determine what ports you need open is to use FoundStone's Fport (www.foundstone.com, in the resources -> free tools section). It maps running processes to open ports so you can tell which port a specific process uses. IIS uses inbound port tcp 80, Terminal Services uses inbound TCP 3389.

 

[Steven L Umbach]

Tell them they need a firewall now. A $29 NAT cable/dsl router will work until you
get something better. How much was your info worth and the loss of time,
productivity, profits, and inconvenience? Ipsec filtering can be a stop gap measure.
Create a mirrored rule to block all traffic. The create a mirrored rule that allows
all traffic on the subnet, a mirrored rule that permits inbound ports 80 tcp and 3389
tcp for your IIS and TS, and entries to the mirrored permitted filter list for any
allowed outbound traffic such as ports 80 tcp for http, 443 for https secure
websites, 53 upd for dns, and possibly 25, 110, 119 for mail and newsgroups. See the
links below for more info. You should also run the IIS Lockdown tool on your IIS
server, but only after doing a full backup and backing up your IIS configuration
using the IIS Management Console where you have the option to backup and restore
configuration. Check that file and print sharing is disabled on the network adapter
facing the internet [the one with the public IP addrerss]. --- Steve

http://www.securityfocus.com/infocus/1559
http://support.microsoft.com/default.aspx?scid=kb;en-us;832017
http://www.microsoft.com/downloads/...FamilyID=DDE9EFC0-BB30-47EB-9A61-FD755D23CDEC

 

[Andrew Mitchell]

Tell them they need a firewall now. A $29 NAT cable/dsl router will work
until you get something better.

I agree.
The other option is to use a product like IPCop (http://www.ipcop.org) which
will run on an old 486, gives you a fully functional DMZ and is a very secure
product.(Sorry for mentioning this in an MS newsgroup but you could also just
use plain old Linux and make your own firewall using IPTables)

Forget trying to do this with IPSec or shutting down services and do it
properly the first time.

Good luck.
Andy.