For a MS LAN - There is NO justification for allowing ANY port above 1024 to be open. I know what Microsoft's attitude to port security is, and it basically follows allow everything so we don't have to explain opening specific ports for games, VoIP, IRC etc.

In a totally MS environment where all you want from your PC is business-like applications to use, there is NO reason on earth to permit anything above 1024. I have been running a test LAN, a small group with such access limits. There is nothing on the internet I cannot do with ports above 1024 closed. If you need IRC or messenger services like Yahoo in MS, do not open ports 1024-65563. There is no requirement in a MS for them to be open. Trust me. It's my job occupation.

Scott :-X

John Andersen wrote:
> On Friday 13 April 2007, Darryl Gregorash wrote:
>
>> If you have any XP systems in the network you must also enable port 445
>> on TCP.
>>
>> The port 1024 reference someone mentioned is in error.
>>
>
> No, it wasn't.
>
> The actual reference was to udp port 1024: which is shorewall shorthand
> for 1024 and up.
>
> If you are not aware of the use of this in the windows environment
> you can read up on RPC, DFSR, TrkSvr, and MSDTC services here
> http://support.microsoft.com/kb/832017
>
> The larger your domain (most especially if you USE a domain at all)
> you need to allow egress on udp and tcp to and from the server to the
> local network.
>
> In a simple home network without a domain you can get by without these.
