Security Basics mailing list archives
RE: question about blocking ports in W2K
From: "Bruyere, Michel" <mbruyere () ezemcanada com>
Date: Mon, 17 Mar 2003 13:07:42 -0500
Hi, You can setup a "personnal firewall" on your W2K box if you don't want to put a router and using NAT. BTW using NAT doesn't give you "much more" security, in fact the combination firewall-NAT can give you a good security (or at least a good start). I've been running an XP station right on the public side of our corp link (for testing purposes) and here is the setup i had. A Linksys Router doing NAT and the incorporated firewall(was using port forwarding for the needed services) + Zone alarm on the station allowing only the services we wanted. few months later, Nothing bad happenend to the sation... Hope this help Just My 0.02$ Michel B. Network/systems administrator
-----Original Message----- From: Lists [mailto:lists () digitaltravel net] Sent: vendredi 14 mars 2003 18:18 To: security-basics () securityfocus com Subject: question about blocking ports in W2K Just a question for all your experts out there, how safe is it to close
all
ports and only open the ones necessary on a W2K server with a public ip address and no firewall in between? And how much security would I gain by putting a little router in between, give the server a private address and use NAT? What device would you recommend? netscreen? sonicwall? any other vendor? thanks, Daniel
Current thread:
- question about blocking ports in W2K Lists (Mar 17)
- <Possible follow-ups>
- RE: question about blocking ports in W2K Bruyere, Michel (Mar 18)