Security Basics mailing list archives

RE: Securing a Win2k DNS server outside firewall...


From: "VNV Jeep" <vnvjeep () hotmail com>
Date: Fri, 06 Jun 2003 14:30:41 -0400

Thanks for the message back, Bob...

> I'm pretty sure that if you unbind File and Print sharing and client for
> Microsoft Networks from the network adapter, it will stop responding to
> RPC requests. If you're only using the boxes for DNS, it shouldn't cause
> any problems.

Unfortunately that isn't the case. I have everything disabled with the exception of TCP/IP in the NIC properties. I had the same thought that you did back when I set these up... no dice.

I was even thinking of disabling the RPC service, but apparently the DNS service relies on it... so I guess I'm forced to keep it running.

Other suggestions I've received (thanks to all who responded so far):
- Block 135 from the router to this particular IP
- Use IPsec/GP for 135.
- Stick the DNS boxes in a DMZ.

Take care,
Mike
