Security Basics mailing list archives

RE: Securing a Win2k DNS server outside firewall...


From: "type_o" <type_o () canada com>
Date: Sun, 08 Jun 2003 02:16:49 -0700 (PDT)

Hi Mike,

To be honest, I don't like the TCP/IP filtering in Win2k. It gave me problems with
UDP traffic, and it can't block ICMP traffic properly.

I prefer using ipsecpol to create a good policy. It looks like a mini personal firewall.
Simply use something like:

rem remove any existing policy called DNSPOL from the local registry store (-w REG, -o = delete)
ipsecpol -w REG -p "DNSPOL" -o
rem block all traffic from this host; 0 = my own address, * = any address/port/protocol, = is a one-way filter; -x assigns the policy
ipsecpol -x -w REG -p "DNSPOL" -r "BlockAll" -n BLOCK -f 0=*::*
rem let ICMP through (the more specific PASS filters override the broad BLOCK filter)
ipsecpol -x -w REG -p "DNSPOL" -r "AllowICMP" -n PASS -f 0=*:*:ICMP
rem let DNS (UDP 53 to this host) through; + makes the filter mirrored so replies match as well
ipsecpol -x -w REG -p "DNSPOL" -r "AllowDNS" -n PASS -f *+0:53:UDP

You can find ipsecpol.exe and its help in the Win2k Resource Kit.

--type_o
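The following is an added example, not code from type_o's post or from the Windows 2000 Resource Kit. It models the ipsecpol -f filter grammar used above so that a policy can be checked against sample packets before it is assigned to a server that sits outside the firewall. The semantics it implements are assumptions taken from the ipsecpol help text: '=' builds a one-way filter (source to destination), '+' a mirrored one, '0' means this host's own address, '*' or an empty field means any, and when several filters match, IPsec applies the most specific one (address before protocol before port). Traffic that no filter matches is untouched by IPsec and therefore passes. Besides the posted policy it evaluates an assumed tightened variant (mirrored block filter plus TCP 53 for zone transfers and truncated answers); the addresses are constructed.

```python
"""Model of ipsecpol -f filter matching (assumed semantics, see the lead-in)."""
from dataclasses import dataclass

MY_ADDR = "192.0.2.53"   # constructed: the DNS server's own address (ipsecpol's '0')


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str


@dataclass(frozen=True)
class Endpoint:
    addr: str   # '*' (any) or an IP address
    port: str   # '*' (any) or a port number as text


@dataclass(frozen=True)
class Filter:
    src: Endpoint
    dst: Endpoint
    proto: str      # '*' or a protocol name such as UDP, TCP, ICMP
    mirrored: bool  # '+' in the spec: also match the reverse direction


def _endpoint(text):
    addr, _, port = text.partition(":")
    return Endpoint(MY_ADDR if addr == "0" else (addr or "*"), port or "*")


def parse_filter(spec):
    """Parse an ipsecpol -f spec such as '*+0:53:UDP' or '0=*::*'."""
    sep = "+" if "+" in spec else "="
    if sep not in spec:
        raise ValueError("filter needs '=' (one-way) or '+' (mirrored): " + spec)
    left, right = spec.split(sep, 1)
    fields = right.split(":")                      # DST[:port][:proto]
    proto = fields[2].upper() if len(fields) > 2 and fields[2] else "*"
    return Filter(_endpoint(left), _endpoint(":".join(fields[:2])), proto, sep == "+")


def _one_way(src, dst, proto, pkt):
    def ep_ok(ep, addr, port):
        return ep.addr in ("*", addr) and ep.port in ("*", str(port))
    return (ep_ok(src, pkt.src, pkt.sport) and ep_ok(dst, pkt.dst, pkt.dport)
            and proto in ("*", pkt.proto.upper()))


def filter_matches(flt, pkt):
    if _one_way(flt.src, flt.dst, flt.proto, pkt):
        return True
    return flt.mirrored and _one_way(flt.dst, flt.src, flt.proto, pkt)


def specificity(flt):
    """Assumed IPsec weighting: specific address beats protocol beats port."""
    return ((flt.src.addr != "*") + (flt.dst.addr != "*"),
            flt.proto != "*",
            (flt.src.port != "*") + (flt.dst.port != "*"))


def evaluate(policy, pkt):
    """Return (rule name, action) of the most specific matching rule.

    policy is a list of (rule name, 'BLOCK' | 'PASS', ipsecpol filter spec).
    A packet no filter matches is not touched by IPsec, so it passes.
    """
    hits = [(specificity(parse_filter(spec)), name, action)
            for name, action, spec in policy if filter_matches(parse_filter(spec), pkt)]
    if not hits:
        return ("(no filter)", "PASS")
    _, name, action = max(hits, key=lambda h: h[0])   # ties go to the first rule defined
    return (name, action)


# The policy from the post, as (rule, action, filter) triples.
POSTED_DNSPOL = [
    ("BlockAll",  "BLOCK", "0=*::*"),
    ("AllowICMP", "PASS",  "0=*:*:ICMP"),
    ("AllowDNS",  "PASS",  "*+0:53:UDP"),
]

# Assumed tightened variant (not from the post): mirrored block filter, plus TCP 53.
TIGHTENED_DNSPOL = [
    ("BlockAll",    "BLOCK", "0+*::*"),
    ("AllowICMP",   "PASS",  "0+*:*:ICMP"),
    ("AllowDNSudp", "PASS",  "*+0:53:UDP"),
    ("AllowDNStcp", "PASS",  "*+0:53:TCP"),
]

CLIENT, INTRUDER = "198.51.100.7", "203.0.113.9"   # constructed addresses

SAMPLES = {   # constructed packets: DNS traffic that must work, SMB traffic that must not
    "dns query in":   Packet(CLIENT, 40000, MY_ADDR, 53, "UDP"),
    "dns reply out":  Packet(MY_ADDR, 53, CLIENT, 40000, "UDP"),
    "smb syn in":     Packet(INTRUDER, 51000, MY_ADDR, 445, "TCP"),
    "smb synack out": Packet(MY_ADDR, 445, INTRUDER, 51000, "TCP"),
    "axfr in":        Packet(CLIENT, 41000, MY_ADDR, 53, "TCP"),
}


def run(policy):
    return {label: evaluate(policy, pkt) for label, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for title, pol in (("posted", POSTED_DNSPOL), ("tightened", TIGHTENED_DNSPOL)):
        print(title)
        for label, (rule, action) in run(pol).items():
            print(f"  {label:15s} -> {action:5s} ({rule})")
```

Under the modelled semantics the one-way BlockAll filter only matches packets leaving the host, so an inbound SMB SYN is not matched by any filter (it passes) while the host's SYN/ACK is blocked; the mirrored variant drops the inbound SYN itself. Whether the real Win2k stack behaves exactly this way is the assumption stated above, so the model is a planning aid, not a substitute for testing the assigned policy with a port scanner from outside.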
