Wrong newsgroup. This one is devoted to the database product Access. Try one
devoted to IIS security.
"Aneesh" <(E-Mail Removed)> wrote in message
news:066b01c366bd$621f33d0$(E-Mail Removed)...
> CLOSING PORTS FOR SECURITY
>
> QUERY:
>
> Please we need information on all the ports that we need
> to give permission to enable a normal functioning of our
> site.
>
> Following is the configuration we use.
>
>
> OUR PLATFORM:
> MS WINDOWS 2000 - Advanced Server using IIS 2000 (5.0) and
> SQL 2000, we use Java, and our pages are asp dynamically
> generated, we also use some applets.
>
> SECURITY ISSUE:
> For Security reasons we want to close all Ports except
> those which are needed for the proper functioning of our
> programs and connectivity to the Internet.
>
> CURRENT SAFETY FACILITIES:
> Symantec, Norton antivirus, Firewall, Patches and updates
> from MS and Tools from Symantec
>
> REASONS:
> Even with all the security tools and patches we are still
> affected by viruses, worms, ghost messages etc etc.
>
> WORK DONE:
> We have accessed several pages on Ports on the net and
> reviewed the full list of IANA (the Port Controlling
> Authority).
> Based on this information we used the MS limited Port
> filtering Facility found in:
> Connections > Properties > TCP/IP > Properties > Advanced > Options > TCP/IP Filtering > Properties,
> where we enabled TCP/IP Filtering following instructions
> from MS http://support.microsoft.com/?id=309798 and gave
> permission to Ports which we believed to be of use namely:
>
> ftp 21/tcp File Transfer [Control]
> ftp 21/udp File Transfer [Control]
>
> ssh 22/tcp SSH Remote Login Protocol
> ssh 22/udp SSH Remote Login Protocol
>
> http 80/tcp World Wide Web HTTP
> http 80/udp World Wide Web HTTP
> www 80/tcp World Wide Web HTTP
> www 80/udp World Wide Web HTTP
> www-http 80/tcp World Wide Web HTTP
> www-http 80/udp World Wide Web HTTP
>
> auth 113/tcp Authentication Service - used for Firewall
> auth 113/udp Authentication Service - used for Firewall
>
> https 443/tcp http protocol over TLS/SSL
> https 443/udp http protocol over TLS/SSL
>
> password-chg 586/tcp Password Change
> password-chg 586/udp Password Change
>
> msexch-routing 691/tcp MS Exchange Routing
> msexch-routing 691/udp MS Exchange Routing
>
> msnp 1863/tcp MSNP
> msnp 1863/udp MSNP
>
> messageservice 2311/tcp Message Service
> messageservice 2311/udp Message Service
>
> Client Server 3389/TCP for Terminal Server client default connection
>
> msfw-control 3847/tcp MS Firewall Control
> msfw-control 3847/udp MS Firewall Control
>
> commplex-main 5000/tcp Yahoo Messenger - Voice Chat
> commplex-main 5000/udp Yahoo Messenger - Voice Chat
> commplex-link 5001/tcp Yahoo Messenger - Voice Chat
> commplex-link 5001/udp Yahoo Messenger - Voice Chat
>
> Yahoo Messenger - Messages
> mmcc 5050/tcp multimedia conference control tool
> mmcc 5050/udp multimedia conference control tool
>
> http-alt 8008/tcp HTTP Alternate
> http-alt 8008/udp HTTP Alternate
>
> http-alt 8080/tcp HTTP Alternate (see port 80)
> http-alt 8080/udp HTTP Alternate (see port 80)
>
>
> RESULT:
> The site or the browser would not come up, we could not
> connect with msn or yahoo (needed for communication whilst
> doing work).
> These returned as soon as we allowed all ports to be open.
> This tells us that we do not know all the Ports that need
> permission.
>
>
>
> MISCELLANEOUS:
> We also need the ports to allow Hotmail and Yahoo chat
> Messenger.
>
> Thanking you in advance
>
> Aneesh
>
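
An added example, not part of either post: it collapses IANA-style rows like those quoted above into distinct TCP and UDP port sets and compares them with the sockets a host actually has bound. The `netstat -an` sample is constructed, and the function names are hypothetical.

```python
import re

# Subset of the allow-list quoted in the post (IANA "name port/proto" rows).
ALLOW_LIST = """
ftp 21/tcp File Transfer [Control]
ftp 21/udp File Transfer [Control]
http 80/tcp World Wide Web HTTP
http 80/udp World Wide Web HTTP
www 80/tcp World Wide Web HTTP
https 443/tcp http protocol over TLS/SSL
https 443/udp http protocol over TLS/SSL
Client Server 3389/TCP for Terminal Server client
http-alt 8080/tcp HTTP Alternate (see port 80)
"""

# Constructed `netstat -an` output for a hypothetical host (not from the post).
NETSTAT = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    10.0.0.5:80            203.0.113.9:51514      ESTABLISHED
  UDP    0.0.0.0:1434           *:*
"""

def parse_allow_list(text):
    """Return the set of (proto, port) pairs; alias rows collapse to one pair."""
    pairs = re.findall(r"\b(\d{1,5})/(tcp|udp)\b", text, re.IGNORECASE)
    return {(proto.lower(), int(port)) for port, proto in pairs}

def parse_listeners(text):
    """Return (proto, port) for LISTENING TCP sockets and bound UDP sockets."""
    found = set()
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        if f[0] == "UDP" or f[-1] == "LISTENING":
            found.add((f[0].lower(), int(f[1].rsplit(":", 1)[1])))
    return found

def audit(allow_text, netstat_text):
    """Compare permitted ports with the sockets that are actually bound."""
    allowed, listening = parse_allow_list(allow_text), parse_listeners(netstat_text)
    return {"permitted_no_listener": sorted(allowed - listening),
            "listener_not_permitted": sorted(listening - allowed)}

if __name__ == "__main__":
    print(audit(ALLOW_LIST, NETSTAT))
```

Entries under `permitted_no_listener` are candidates for removal from the allow-list; entries under `listener_not_permitted` are services the filter would cut off from inbound traffic.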