[windows2000] Re: IPSec

  • From: Frank Monroe <Frank.Monroe@xxxxxxxxxxx>
  • To: "'windows2000@xxxxxxxxxxxxx'" <windows2000@xxxxxxxxxxxxx>
  • Date: Mon, 16 Dec 2002 16:46:38 -0500

Again, why mess with large filter lists?  Just put a certificate on your
server and on your PC and set up true IPSEC with encryption between your PC
and that server.  Then your PC will have full access to all ports and the
data stream is encrypted.  And, it will still work even if your IP address
changes on your PC.

-----Original Message-----
From: Costanzo, Ray [mailto:rcostanzo@xxxxxxxxxxx]
Sent: Monday, December 16, 2002 11:24 AM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: IPSec



My ideal setup is:

Only port 80 and 229 (ssl, right?)

BUT
allow any port if requesting IP is my IP.

Ray at work

> -----Original Message-----
> From: Jim Kenzig [mailto:jimkenz@xxxxxxxxxxxxxx]
> Sent: Monday, December 16, 2002 11:20 AM
> To: windows2000@xxxxxxxxxxxxx
> Subject: [windows2000] Re: IPSec
>
> Yes,
> I use IPSec IP Filtering on my web server. I block all incoming ports except
> port 80. Get to IP Security Filtering by going to your Local area connection
> properties, Internet Protocol, click on the properties button, then click on
> the advanced button on the IP screen.
> Then click on the options tab and highlight TCPIP Filtering and click on the
> properties button. Check the box to enable IP Filtering and only allow the
> ports incoming that you want people to access.
>
> Regards,
> Jim Kenzig
> http://thethin.net
>
> -----Original Message-----
> From: windows2000-bounce@xxxxxxxxxxxxx
> [mailto:windows2000-bounce@xxxxxxxxxxxxx]On Behalf Of Rob Combis
> Sent: Monday, December 16, 2002 11:10 AM
> To: windows2000@xxxxxxxxxxxxx
> Subject: [windows2000] Re: IPSec
>
> Ray-
> Take a look at this document.
>
http://www.systemexperts.com/tutors/HardenW2K101.pdf

You will be using the IPSEC console but not really using IPSEC, more like
a filter.  But it works.  I used it on my DNS server before we got a PIX.
Oh yeah I highly recommend a hardware firewall.  Way better than ISA
server, which I used before.
Rob

