Port Restriction without firewall

  • Thread starter Alpago_microsoft addictive

Alpago_microsoft addictive

Hi to everyone!

My friends, I have a problem with TCP/IP connections using some ports... I
wanna limit or disable these ports without the power of a firewall... Why I
wanna choose this problem is that in our company domain, users can disable
the firewall and it does not work, unfortunately... Maybe a solution with a
registry script can limit the specified ports... may distribute this script
within the group policy and solve the problem as well... Is there any script
there or any other solution? Please help! This is important for our company
because something may happen against the law because of some using web-tunnel
programming using some ports...
Thanks for your help by now...
 
David H. Lipman

From: "Alpago_microsoft addictive" <[email protected]>

| Hi to everyone!

| My friends, I have a problem with TCP/IP connections using some ports... I
| wanna limit or disable these ports without the power of a firewall... Why I
| wanna choose this problem is that in our company domain, users can disable
| the firewall and it does not work, unfortunately... Maybe a solution with a
| registry script can limit the specified ports... may distribute this script
| within the group policy and solve the problem as well... Is there any script
| there or any other solution? Please help! This is important for our company
| because something may happen against the law because of some using web-tunnel
| programming using some ports...
| Thanks for your help by now...

Then use a Firewall Appliance.
 
Malke

Alpago_microsoft addictive said:
Hi to everyone!

My friends, I have a problem with TCP/IP connections using some ports... I
wanna limit or disable these ports without the power of a firewall... Why I
wanna choose this problem is that in our company domain, users can disable
the firewall and it does not work, unfortunately... Maybe a solution with a
registry script can limit the specified ports... may distribute this script
within the group policy and solve the problem as well... Is there any
script there or any other solution? Please help! This is important for our
company because something may happen against the law because of some using
web-tunnel programming using some ports...
Thanks for your help by now...

It makes absolutely no sense to me that your domain users can turn off the
firewall. This is the part you need to fix. If you really can't do this
(and why ever not?!), then restrict the ports on your router. Even simple
consumer-level routers will let you do this. If this is what you're using
for your company, consider purchasing better edge security. Sonicwall makes
very good products.

Malke
 
Twayne

| Hi to everyone!
| My friends, I have a problem with TCP/IP connections using some
| ports... I wanna limit or disable these ports without the power of a
| firewall... Why I wanna choose this problem is that in our company
| domain, users can disable the firewall and it does not work,
| unfortunately... Maybe a solution with a registry script can limit
| the specified ports... may distribute this script within the group
| policy and solve the problem as well... Is there any script there or
| any other solution? Please help! This is important for our company
| because something may happen against the law because of some using
| web-tunnel programming using some ports...
| Thanks for your help by now...

Are those users on admin accounts? If so, that needs to be taken care
of first, and quickly. Make them Power Users, limited users, whatever,
but take away full Admin privileges. I'm no guru by any means on domain
setups, but:

Why not set their accesses/permissions so they cannot turn off the
firewall? Or even make the firewall its own user. You give little
information, but allowing users to control the firewall seems like a
very bad decision easily fixed, to me. I think the way you're going
about it is nothing but a bandaid waiting for a work-around.

In addition, since it's a "company", a stated and distributed policy
should make it a fire-able offense for messing with ANY of the company's
computers and settings, and same should be enforced. So ... IMO,
-- do the policy thing
-- repair the firewall if it needs repair
-- Adjust user access & permissions so they cannot do that.
-- Think about what else they can hack easily, make the adjustments,
implement them, then re-issue the policy accordingly and continue to
enforce it.

Employees who violate company rules should not be employees. But don't
be an A-hole about it; be reasonable, be public with your reasons for
the changes, & don't use any names in public. Secure everything that is
critical.

Just my 2 ¢
 
Alpago_microsoft addictive

Actually you are right, but firewall enabled (Windows XP firewall) users can
also use the application (web-tunnel program) and may access the sites
against the law... Maybe there is a method or something else; maybe it is
possible not to listen to anything on the loopback (localhost:127.0.0.1). May
we prevent localhost from listening on ports? If it is so, the problem will
disappear, at least I hope :)
Thanks for your answers by now...
 
Malke

Alpago_microsoft addictive said:
Actually you are right, but firewall enabled (Windows XP firewall) users
can also use the application (web-tunnel program) and may access the sites
against the law... Maybe there is a method or something else; maybe it is
possible not to listen to anything on the loopback (localhost:127.0.0.1).
May we prevent localhost from listening on ports? If it is so, the problem will
disappear, at least I hope :)
Thanks for your answers by now...

You've already gotten answers. If you've made the mistake of setting your
users up as administrators, you need to change them to standard users.
Standard users cannot install programs and cannot change firewall settings.

You can manage ports from your router. You can purchase a firewall appliance
like the ones from Sonicwall (just as an example).

There really is nothing further to say on the subject. If you can't figure
out how to do this - and we all have our areas of expertise - then hire a
professional computer consultant who can set you up securely and properly.

EOT for me.

Malke
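
For the loopback question raised in the thread, an added example that is not part of any post: a Python sketch that parses `netstat -ano` output and reports processes listening on 127.0.0.1 on ports outside an approved set, together with the outbound peers of the same process. The sample output, the approved-port set and the function names are constructed for illustration.

```python
import re

# Constructed `netstat -ano` output from a Windows host (sample data, not from the thread).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1080         0.0.0.0:0              LISTENING       3120
  TCP    127.0.0.1:8080         0.0.0.0:0              LISTENING       3120
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:2211      203.0.113.7:443        ESTABLISHED     3120
  UDP    127.0.0.1:1900         *:*                                    1212
"""

LOOPBACK = {"127.0.0.1", "[::1]"}
# local addr:port, remote addr:port, state, PID (UDP rows have no state and are skipped)
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+([A-Z0-9_]+)\s+(\d+)\s*$")


def parse_tcp_rows(text):
    """Return one dict per TCP row of netstat -ano output."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            local, lport, remote, rport, state, pid = m.groups()
            rows.append({"local": local, "lport": int(lport), "remote": remote,
                         "rport": int(rport), "state": state, "pid": int(pid)})
    return rows


def flag_loopback_listeners(text, approved_ports=frozenset()):
    """List (pid, port, outbound peers) for loopback listeners on unapproved ports."""
    rows = parse_tcp_rows(text)
    findings = []
    for r in rows:
        if r["state"] != "LISTENING" or r["local"] not in LOOPBACK:
            continue
        if r["lport"] in approved_ports:
            continue
        # Outbound connections owned by the same PID show where relayed traffic goes.
        peers = sorted(f'{c["remote"]}:{c["rport"]}' for c in rows
                       if c["pid"] == r["pid"] and c["state"] == "ESTABLISHED"
                       and c["remote"] not in LOOPBACK)
        findings.append((r["pid"], r["lport"], peers))
    return findings


if __name__ == "__main__":
    for pid, port, peers in flag_loopback_listeners(SAMPLE_NETSTAT, approved_ports={8080}):
        print(f"PID {pid} listens on 127.0.0.1:{port}; outbound peers: {peers}")
```

In the constructed sample the flagged process reaches its peer on port 443, so the report identifies the program by PID rather than by a port that could be blocked.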
 