Security

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

Hi, I have a Windows 2000 server. I recently noticed that
when I do the netstat -a command it shows hundreds of TCP-
connections that are listening and some that are open.
When I look at the files opened, I don't see any files
that are open by un-authorized users. How can I prevent
people from opening a connection and if they are not
authorized users, I do I know what they are opeing?

Any help will be appreciated.

Thanks, Marco Hdez.

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

First off the job of a firewall is to keep untrusted networks from accessing your
network directly. After that you use permissions and rights to restrict users to
resources and unauthorized access. Best practices say you should only run necessary
services on your computer. For instance a default installation will allow telnet and
have the WWW services enabled on a W2K server. You can run Microsoft Baseline
Security Analyzer to help you determine if you have unnecessary services running on a
computer as shown in the link below.

http://www.microsoft.com/technet/security/tools/mbsahome.mspx

After that you can refer to documentation such as the Windows 2000 Security Hardening
Guide to further secure your computer based on it's role and the operating system of
clients it exists with.

http://www.microsoft.com/technet/security/prodtech/win2000/win2khg/default.mspx
http://www.microsoft.com/smallbusiness/gtm/securityguidance/hub.mspx -- other good
tips.

To help find out exactly what those ports are used for I like three free third party
tools. Fport, TCPView, and Process Explorer as shown in the links below. --- Steve

http://www.ibiblio.org/security/articles/fport.html
http://www.sysinternals.com/ntw2k/source/tcpview.shtml
http://www.sysinternals.com/ntw2k/freeware/procexp.shtml

"Thousands of Netstat -a Connections" <anonymous@discussions.microsoft.com> wrote in
message news:208de01c45953$52c33920$a501280a@phx.gbl...
> Hi, I have a Windows 2000 server. I recently noticed that
> when I do the netstat -a command it shows hundreds of TCP-
> connections that are listening and some that are open.
> When I look at the files opened, I don't see any files
> that are open by un-authorized users. How can I prevent
> people from opening a connection and if they are not
> authorized users, I do I know what they are opeing?
>
> Any help will be appreciated.
>
> Thanks, Marco Hdez.