[windows2000] Re: IPSec
- From: "Rob Combis" <rcombis@xxxxxxxxxxxx>
- To: <windows2000@xxxxxxxxxxxxx>
- Date: Mon, 16 Dec 2002 11:40:37 -0500
I would think that you should allow 3389, 21 and 80 only from your IP =
address, then deny everything else but port 80 (and SMTP or SSL if =
needed) for all other IPs. Also allow all outbound connections. This =
is similar to what I do at our remote hosting location. It is easier to =
do with a hardware firewall but works fine with this kind of filtering.
-----Original Message-----
From: Jim Kenzig [mailto:jimkenz@xxxxxxxxxxxxxx]
Sent: Monday, December 16, 2002 11:36 AM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: IPSec
Then you'd have to open port 21 also. I permit only TCP Ports 21, 25, =
80
and 3389 since I use no SSL on mine.
I make sure that all login (both successful and denied) are logged in my
event log and monitor them from day to day to make sure no one is trying =
to
FTP or TS into my server unauthorized.=20
JK
-----Original Message-----
From: windows2000-bounce@xxxxxxxxxxxxx
[mailto:windows2000-bounce@xxxxxxxxxxxxx]On Behalf Of Rob Combis
Sent: Monday, December 16, 2002 11:28 AM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: IPSec
Ray-
Yes, that is what you want to do.
(ssl port=3D3D443)
However I would use FTP to upload files, not Windows file/print sharing.
Rob
-----Original Message-----
From: Costanzo, Ray [mailto:rcostanzo@xxxxxxxxxxx]
Sent: Monday, December 16, 2002 11:24 AM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: IPSec
My ideal setup is:
Only port 80 and 229 (ssl, right?)
BUT
allow any port if requesting IP is my IP.
Ray at work
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D
To Unsubscribe, set digest or vacation
mode or view archives use the below link.
http://thethin.net/win2000list.cfm
==================================
To Unsubscribe, set digest or vacation
mode or view archives use the below link.
http://thethin.net/win2000list.cfm
Other related posts:
