Security Basics mailing list archives

RE: Microsoft ISA Server Vulnerabilities


From: "David Sommers" <dsommers () dialogmedical com>
Date: Fri, 18 Oct 2002 10:35:35 -0400

I also doubt you have all ports over 1023 open.

You would have to create an IP Packet Filter to allow TCP ports over 1023, and these ports are only open to the 
designated Local Computer.  So if you need an application to run that requires the above ports, place it on the DMZ and 
designate only that computer as "Local computer".  If you have a B2B application and you know the IP of the remote 
computer, put that IP address under "Remote computer".

It would be hard for you to use Server Publishing to open the ports, because you'd have to create a separate Protocol 
Definition for each port and that would take forever.

You can view which ports are "actually" open on your ISA system by using the command "netstat -na"

David Sommers.
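
The check suggested above, as an added example that is not part of the original post: a Python sketch that reads Windows-style "netstat -na" output and lists the sockets bound above port 1023 on non-loopback addresses. The sample output, function names and threshold parameter are constructed for illustration. A listening socket only shows what the host is bound to; whether it is reachable from outside still depends on the packet filters.

```python
import ipaddress

# Constructed sample of Windows `netstat -na` output (not from a real host).
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1031         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:8080      0.0.0.0:0              LISTENING
  TCP    192.168.1.10:3389      10.0.0.5:4021          ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:5000           *:*
  UDP    127.0.0.1:1900         *:*
"""

def parse_listeners(text):
    """Return (proto, address, port) for listening TCP and bound UDP sockets."""
    found = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # skip banner, header and blank lines
        proto, local = fields[0], fields[1]
        state = fields[3] if len(fields) > 3 else ""
        if proto == "TCP" and state != "LISTENING":
            continue  # established or closing connections are not listeners
        addr, _, port = local.rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
        if port.isdigit():
            found.append((proto, addr, int(port)))
    return found

def exposed_high_ports(text, threshold=1023):
    """Listeners above `threshold` that are not bound to a loopback address."""
    hits = set()
    for proto, addr, port in parse_listeners(text):
        if port > threshold and not ipaddress.ip_address(addr).is_loopback:
            hits.add((proto, addr, port))
    return sorted(hits, key=lambda h: (h[2], h[0], h[1]))

if __name__ == "__main__":
    for proto, addr, port in exposed_high_ports(SAMPLE):
        print(f"{proto:4} {addr}:{port}")
```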

-----Original Message-----
From: Chris Berry [mailto:compjma () hotmail com] 
Sent: Thursday, October 17, 2002 3:46 PM
To: security-basics () securityfocus com
Subject: Re: Microsoft ISA Server Vulnerabilities


From: "Naman Latif" <naman.latif () inamed com>
We recently started using Microsoft ISA Server as our Proxy Server. 
Currently in the test phase, we have Ports >1023 open access from 
Outside. Are there any specific ports that should be blocked in 
reference to known Vulnerabilities of ISA Server ?

Just as standard practice, you should block all ports, then allow only those 
which are required to run your software.

Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates

"I have found the way, and the way is Perl."


