1. What OS - info varies slightly - just where to go in the UI - per OS. Basically go into the properties of TCP/IP and hunt for Security options. In here you will find options for what you allow over TCP, over UDP, and what protocols you allow. (In windows 2000 look for IP Filtering.)
2. The NSA publishes a large number of documents with instructions on securing OS's. Check out http://www.nsa.gov and click the "Security Recommendation Guides" link. (Or check out the Kids' Page - that's creepy. Hmmm, remnds me of Games magazine, which was sponsored by Mensa, which if you break it down is Me NSA -- not 'table' in latin. That's allright, I'll just wrap my head in tinfoil so they can't read my thoughts.) 3. 135= RPC end-point mapper. Reqasonable service to secure but most people ask about 137, or 137-140 and a few others. Hopefully a moot point since you should look to secure all ports and protocols and open only thos you need. 4. Look into Tiny Firewall. Runs on the box, will give you added logging, filtering, easier configuration, etc. Yes it means a firewall, but on the exposed box, not another piece of Hardware. That, and the licensing is pretty reasonable - Free for home use. Check out http://www.tinysoftware.com. 5. You may have better luck starting your search from http://www.microsoft.com/security. Check out their security deployment templates, and download and run HFNETCHK while you are there. It is a long way from complete, but it is getting there. 6. I hope you don't think that by closing one port you were going to secure a machine. If you did you have a lot to learn. Some suggestions for places to begin your education: http://www.securityfocus.com http://www.ntbugtraq.com http://www.counterpane.com http://www.sarc.com ... No offense, but if you were starting with such an sssumption - i could own your box in less than a minute, and I don't crack machines, so a practiced little script kiddie could probably do it in half that. If you aren't adequately logging activity on this box, you might not even notice. 7. There are cheap Firewall/Router products for Home use ($150-$400 US). These don't do things like stateful inspection, or particularly useful logging, but they aren't completely useless either. At the very least they do provide some standard port-filtering. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Hank Lee Sent: Friday, December 07, 2001 12:20 AM To: NT 2000 Discussions Subject: how to block port 135 without router or firewall Hi! I cannot find this question under MS KB for blocking port135 without router or firewall. Please info me Thanks Hank Lee ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED] ------ You are subscribed as [email protected] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED]
