TCP/IP Filtering

Anonymous
September 8, 2004 4:00:26 PM

Archived from groups: microsoft.public.win2000.security

In Windows 2000, there's no built-in firewall.
Can I use TCP/IP Filtering on the network adapter property instead of a firewall?
It's a web server and I want to open only port 80.

Thanks.

Sam


Anonymous
September 9, 2004 12:16:09 AM

Archived from groups: microsoft.public.win2000.security

Tcp/ip filtering is a whole lot better than nothing and is generally used as an
additional layer of protection but not the only. If you enable it for UDP, you will
not be able to resolve internet names from the server if that is important. Keep in
mind that tcp/ip filtering does not block ICMP and DOS attacks that are used by it.
If for some reason you cannot buy a firewall right now I suggest you also look into
using ipsec filtering which can effectively filter udp and manage outbound traffic
unlike tcp/ip filtering. The two links below explain more on ipsec filtering and some
weaknesses of it when used as an internet firewall [not its intended purpose] that
can be remedied by a registry setting. --- Steve

http://www.securityfocus.com/infocus/1559
http://support.microsoft.com/default.aspx?scid=kb;en-us;811832

"Sam Kong" <ssk@chol.net> wrote in message
news:f0667546.0409081100.785c6ab9@posting.google.com...
> In Windows 2000, there's no built-in firewall.
> Can I use TCP/IP Filtering on the network adapter property instead of a firewall?
> It's a web server and I want to open only port 80.
>
> Thanks.
>
> Sam

Anonymous
September 9, 2004 2:21:01 AM

Archived from groups: microsoft.public.win2000.security

Some people do this, and there's also IPSec filtering. However, Microsoft
says that neither of these is really meant as a firewall. For one thing,
there's no logging, alerting or intrusion detection. The lack of logging
causes a problem not only when you suspect you may have been hacked or
flooded with a DoS, but also when something goes wrong during the initial
setup. And, I would always be concerned that the filtering could become
enabled by an idiot administrator, a future patch or service pack
installation, a network card replacement, a spontaneous software glitch,
etc. Also, firewalls have gotten fairly cheap. www.netscreen.com offers
hardware firewall devices starting around $600 US, possibly cheaper if you
search ebay.com for firewalls.

Information on setting up IPSec or TCP/IP filtering:

http://securityadmin.info/faq.asp#firewall
http://securityadmin.info/faq.asp#ipsec
www.nsa.gov/snac


"Sam Kong" <ssk@chol.net> wrote in message
news:f0667546.0409081100.785c6ab9@posting.google.com...
> In Windows 2000, there's no built-in firewall.
> Can I use TCP/IP Filtering on the network adapter property instead of a firewall?
> It's a web server and I want to open only port 80.
>
> Thanks.
>
> Sam
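
Added example, not part of the original thread: because TCP/IP filtering gives no logging or alerting and could stop being applied without anyone noticing, one compensating check is to probe the server from a separate machine on a schedule and compare what answers with the intended policy (only TCP port 80). The host address and the probed port list below are assumptions to replace with your own.

```python
import socket

def probe(host, port, timeout=1.0):
    """Return 'open', 'closed' (connection refused) or 'filtered' (no answer)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # timeout, host unreachable, and similar
        return "filtered"
    finally:
        s.close()

def audit(host, allowed, probed, timeout=1.0):
    """Compare observed TCP port states with the intended policy.

    allowed: ports that should accept connections (the thread's case: {80}).
    probed:  other ports to test; every allowed port is tested as well.
    Returns (unexpected_open, allowed_but_unreachable) as sorted lists.
    """
    unexpected, missing = [], []
    for port in sorted(set(probed) | set(allowed)):
        state = probe(host, port, timeout)
        if state == "open" and port not in allowed:
            unexpected.append(port)   # filter is not blocking this port
        elif state != "open" and port in allowed:
            missing.append(port)      # the web service itself is unreachable
    return unexpected, missing

if __name__ == "__main__":
    HOST = "192.0.2.10"  # placeholder address (TEST-NET-1), not from the thread
    COMMON = [21, 23, 25, 135, 139, 445, 1433, 3389]  # assumed list of ports to watch
    extra, down = audit(HOST, allowed={80}, probed=COMMON)
    if extra:
        print("ALERT: ports open that the filter should block:", extra)
    if down:
        print("ALERT: allowed ports not reachable:", down)
    if not extra and not down:
        print("OK: only the allowed ports answer")
```

This covers TCP only; the ICMP and UDP behaviour discussed in the first reply needs separate checks.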