We use IS in much the same way. We have delayed deploying IS 7.0 to several hundred places and countless users because of the issues you mention. Everyone doesn't need the robustness of SQL and MSDE has the same space limitation as Access did. I was thinking of using the personal firewall to block access to the SQL ports (1434/U and 1433/T) and leaving everything else open. This way, I could track if anyone DID try connect attempts.
Mark P. Evans Northrop Grumman IT Chambersburg, PA 17201 ** The opinions expressed here are my own and do not reflect upon my company or the US Government ** -----Original Message----- From: Bj�rn Fr�be [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 14, 2003 12:15 PM To: [EMAIL PROTECTED] Subject: [ISSForum] Securing Internet Scanner Host Dear List, we use our Internet Scanner mainly for external Scans while directly connected to the big bad internet. For me it would be interesting to hear how other internet scanner users try to secure the scanning host. One bad thing in IS 7.0 is the dependance on MSDE which I think must not be directly connected to the net. It is possible to stop MSDE from listening on 1433/tcp via disablenetworkprotocols=1 during installation but 1434/udp is nevertheless active. I thought about using ipsecpol for blacklisting incoming connections to some services, 1434/udp should be no problem but what about RPC (135/tcp) and the SMB/NetBIOS Ports? Does this interfere with IS? Any hint would be welcome. Regards Bjoern _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
