RE: question about blocking ports in W2K

["Bruyere, Michel" <mbruyere () ezemcanada com>]

Hi, 
        You can setup a "personnal firewall" on your W2K box if you don't
want to put a router and using NAT. BTW using NAT doesn't give you "much
more" security, in fact the combination firewall-NAT can give you a good
security (or at least a good start).  I've been running an XP station right
on the public side of our corp link (for testing purposes) and here is the
setup i had. 
A Linksys Router doing NAT and the incorporated firewall(was using port
forwarding for the needed services) + Zone alarm on the station allowing
only the services we wanted. few months later, Nothing bad happenend to the
sation...

Hope this help

Just My 0.02$ 

Michel B.
Network/systems administrator


> -----Original Message-----
> From: Lists [mailto:lists () digitaltravel net]
> Sent: vendredi 14 mars 2003 18:18
> To: security-basics () securityfocus com
> Subject: question about blocking ports in W2K
>
> Just a question for all your experts out there, how safe is it to close
all
> ports and only open the ones necessary on a W2K server with a public ip
> address and no firewall in between?
> And how much security would I gain by putting a little router in between,
> give the server a private address and use NAT?
> What device would you recommend? netscreen? sonicwall? any other vendor?
>
> thanks, Daniel