Security Basics mailing list archives
RE: Securing a Win2k DNS server outside firewall...
From: "Manuel Fernandes" <manuelf () mailblocks com>
Date: Fri, 6 Jun 2003 16:12:10 -0700
Cheap, quick and dirty solution. Have you considered just implementing port filtering on the TCP/IP on the machine itself? Just open the desired ports (i.e. DNS/HTTP/LDAP) and block the rest!

Read more: http://www.jsiinc.com/SUBL/tip5700/rh5799.htm

I would work towards a DMZ someday.

Manuel

-----Original Message-----
From: VNV Jeep [mailto:vnvjeep () hotmail com]
Sent: Friday, June 06, 2003 11:31 AM
To: Bob.Bermingham () idc-mcs com; security-basics () securityfocus com

Thanks for the message back, Bob...
I'm pretty sure that if you unbind File and Print sharing and client for Microsoft Networks from the network adapter, it will stop responding to RPC requests. If you're only using the boxes for DNS, it shouldn't cause any problems.
Unfortunately that isn't the case. I have everything disabled with the exception of TCP/IP in the NIC properties. I had the same thought that you did back when I set these up... no dice. I was even thinking of disabling the RPC service, but apparently the DNS service relies on it... so I guess I'm forced to keep it running.

Other suggestions I've received (thanks to all who responded so far):
- Block 135 from the router to this particular IP
- Use IPsec/GP for 135.
- Stick the DNS boxes in a DMZ.

Take care,
Mike