Dave Watts wrote:
>> Run Windows Update FIRST!
>
> I would recommend that, before you run Windows Update, you either download
> appropriate patches from another machine or that you create an IP security
> policy to limit access to and from the machine to only the Windows Update
> site and your DNS server. This minimizes the likelihood that you'll be hit
> with anything between putting the server on a network and patching it fully.
Second that. I have included the batch file I use for that below; it removes all existing policies, blocks everything, then allows TCP traffic from remote port 80 and 443 and UDP from remote port 53. This is (currently) sufficient against all the common worms.

Jochem

REM ****** Remove all existing filters ******
NETSH IPSEC STATIC DELETE ALL

REM ****** Filter Action allow ******
NETSH IPSEC STATIC DELETE FILTERACTION NAME=ACTION-ALLOW
NETSH IPSEC STATIC ADD FILTERACTION NAME=ACTION-ALLOW ACTION=PERMIT

REM ****** Filter Action deny ******
NETSH IPSEC STATIC DELETE FILTERACTION NAME=ACTION-DENY
NETSH IPSEC STATIC ADD FILTERACTION NAME=ACTION-DENY ACTION=BLOCK

REM ****** All traffic ******
NETSH IPSEC STATIC DELETE FILTERLIST NAME=FILTER-ALL
NETSH IPSEC STATIC ADD FILTERLIST NAME=FILTER-ALL
NETSH IPSEC STATIC ADD FILTER FILTERLIST=FILTER-ALL SRCADDR=ANY DSTADDR=ANY

REM ****** DNS client ******
REM Filters are mirrored by default, so the matching reply traffic is permitted too.
NETSH IPSEC STATIC DELETE FILTERLIST NAME=FILTER-DNS-CLIENT
NETSH IPSEC STATIC ADD FILTERLIST NAME=FILTER-DNS-CLIENT
NETSH IPSEC STATIC ADD FILTER FILTERLIST=FILTER-DNS-CLIENT SRCADDR=ME DSTADDR=ANY DSTPORT=53 PROTOCOL=UDP

REM ****** Web client ******
NETSH IPSEC STATIC DELETE FILTERLIST NAME=FILTER-WEB-CLIENT
NETSH IPSEC STATIC ADD FILTERLIST NAME=FILTER-WEB-CLIENT
NETSH IPSEC STATIC ADD FILTER FILTERLIST=FILTER-WEB-CLIENT SRCADDR=ME DSTADDR=ANY DSTPORT=80 PROTOCOL=TCP
NETSH IPSEC STATIC ADD FILTER FILTERLIST=FILTER-WEB-CLIENT SRCADDR=ME DSTADDR=ANY DSTPORT=443 PROTOCOL=TCP

REM ****** INSTALL firewall Policy ******
NETSH IPSEC STATIC DELETE POLICY NAME=INSTALL
NETSH IPSEC STATIC ADD POLICY NAME=INSTALL

REM ****** Enable Rules ******
REM The more specific allow rules take precedence over the catch-all block rule.
NETSH IPSEC STATIC DELETE RULE ALL POLICY=INSTALL
NETSH IPSEC STATIC ADD RULE POLICY=INSTALL NAME=BLOCK-ALL FILTERLIST=FILTER-ALL FILTERACTION=ACTION-DENY
NETSH IPSEC STATIC ADD RULE POLICY=INSTALL NAME=ALLOW-DNS-CLIENT FILTERLIST=FILTER-DNS-CLIENT FILTERACTION=ACTION-ALLOW
NETSH IPSEC STATIC ADD RULE POLICY=INSTALL NAME=ALLOW-WEB-CLIENT FILTERLIST=FILTER-WEB-CLIENT FILTERACTION=ACTION-ALLOW

REM ****** Assign INSTALL firewall Policy ******
NETSH IPSEC STATIC SET policy name=INSTALL assign=yes
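The same install-time lockdown expressed with the Windows Firewall cmdlets that replaced netsh ipsec static on Windows 8 / Server 2012 and later, as an added example that is not part of the original post or Jochem's batch file. The rule names and the group name INSTALL-LOCKDOWN are assumptions chosen for this example; the only deliberate difference from the batch file is that DNS is allowed solely to the resolvers the host is actually configured with, which is closer to the "only the Windows Update site and your DNS server" policy Dave describes.

```powershell
# Added example (not from the original post): default-deny both directions,
# then allow only DNS to the configured resolvers and outbound TCP 80/443.
# Run from an elevated PowerShell prompt.

$group = 'INSTALL-LOCKDOWN'   # assumed group name, used to find and remove our rules later

# Remove any rules left over from a previous run so the script is repeatable.
Get-NetFirewallRule -Group $group -ErrorAction SilentlyContinue | Remove-NetFirewallRule

# Default-deny in both directions on every profile; only explicit allow rules pass.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Block

# DNS: allow UDP/53 only to the resolvers this host is configured to use
# (tighter than the batch file's DSTADDR=ANY).
$dnsServers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Select-Object -ExpandProperty ServerAddresses | Sort-Object -Unique
if ($dnsServers) {
    New-NetFirewallRule -DisplayName 'INSTALL allow DNS client' -Group $group `
        -Direction Outbound -Protocol UDP -RemotePort 53 -RemoteAddress $dnsServers `
        -Action Allow | Out-Null
}

# Web: allow outbound TCP/80 and TCP/443 so Windows Update can be reached.
New-NetFirewallRule -DisplayName 'INSTALL allow web client' -Group $group `
    -Direction Outbound -Protocol TCP -RemotePort 80,443 -Action Allow | Out-Null

# Verify what is now explicitly allowed before plugging the box in.
Get-NetFirewallRule -Group $group | Format-Table DisplayName, Direction, Action
```

Because the Windows Firewall is stateful, inbound replies to the allowed outbound connections are admitted without a separate rule, which is what the mirrored IPsec filters achieved in the batch file. If the host gets its address by DHCP, leave the built-in Core Networking DHCP rules enabled, since the default-deny applies only to traffic no rule matches. Once patching is done, remove the group's rules and set -DefaultOutboundAction back to Allow, or replace them with the server's production rule set.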

