Security Basics mailing list archives
Re: Windows firewall on active directory servers
From: "Paul J. Brickett" <swarzkopf () legolas sinnerz us>
Date: Wed, 6 Feb 2008 11:04:50 -0500 (EST)
By policy, they don't have firewalls between their internal network and their external network, but rather only have firewalls implemented on each server. The reason for this is that are more concerned with their internal users (the students) than any host out on the Internet.
Mother of god.My suggestion: Strongly suggest that they reconsider their policies. You're going to run into all sorts of issues here!
Good luck. PJB On Wed, 6 Feb 2008, Dani Houpt wrote:
All, I'm working for a large school and we are deploying a new AD Forest. By policy, they don't have firewalls between their internal network and their external network, but rather only have firewalls implemented on each server. The reason for this is that are more concerned with their internal users (the students) than any host out on the Internet. When deploying AD, we came up with an issue with using the windows fireall on the AD servers. After more research, we found out that Microsoft does not recommend using the Windows firewall on AD servers. The issue has to do with limitting the RPC ports. The MS KB articles that we found specify to open 100 RPC ports but this does not seem to be enough. Has anyone had to deploy a FW on an AD DC in a large domain/forest? If so, how did you manage the RPC settings and which FW did you use? Thanks so much for your help! -Dani Houpt Dhoupt613 (at) gmail dot com On 2/5/08, Yousef Syed <yousef.syed () gmail com> wrote:I need some advice. I'm currently staying in an apartment complex that provides free wireless Internet access. The access has zero crypto - not even WEP. What can I do on my own Laptops (Mac OS X and Windows XP Pro) to make my browsing/internet usage more secure? I also want to ensure that no one else on the network is entering my systems. The Windows Laptop already has Kaspersky Internet Security and various spyware/adware checkers etc Thanks, ys -- Yousef Syed CISSP http://www.linkedin.com/in/musashi-- Sent from Gmail for mobile | mobile.google.com
Current thread:
- Windows firewall on active directory servers Dani Houpt (Feb 06)
- Re: Windows firewall on active directory servers Paul J. Brickett (Feb 06)
- Re: Windows firewall on active directory servers Ansgar -59cobalt- Wiechers (Feb 06)
- RE: Windows firewall on active directory servers Dan Lynch (Feb 06)
- <Possible follow-ups>
- Re: Windows firewall on active directory servers jfvanmeter (Feb 07)