No announcement yet.

Configure WIN2003 Firewall

  • Filter
  • Time
  • Show
Clear All
new posts

  • Configure WIN2003 Firewall

    Hi All,
    First message here and a lots of thanks to Daniel Petri, your website is a goldmine of informations about Win Products

    I'm testing en installation of win2003 to migrate my old NT server.

    I saw the firewall and started to configure it, but I stay with some doubts...
    1. it's only possible to configure listening ports like authorizing people to connect form the outsite to some ports ? I mean if I got a backdoor which establish a connexion from my server to the outside, I can't block it ?

    2. I was thinking to open Share directory, so I open the port 445 TCP.
    First I was trying to open it using NetBios over TCP/IP (137UDP and 139 TCP). Then I read in a Microsoft White paper that it should be better to disable NetBios over TCP, so I close it.
    Now I can browse my files through IP of the server (\\my_IP\My_share) i don't have name resolving (137 UDP) but it's not very important and I think (am I right) that it should be little safer not to open this port.
    But I find a strange issue :
    When I was testing this with port 139 or 445, I find that browsing share (\\my_IP without a share name) was extremly slow. But If I open port 135 TCP (ugh RPC is back... ) It suddenly became normal. I mean without this, to discover the shares it could last a few seconds (20-30) with, it's instantly...
    Does anyone know why ?
    So I decided to close it and only acces this way : \\my_IP\My_share

    3. Then I' reading a bunch of MS White paper for hardening my server security, I foud these one :
    - CHAPTER_5_Managing_a_Secure_IIS_6.0_Solution.doc
    - Threats and Countermeasures Guide.pdf
    - Windows Server 2003 Security Guide
    Well I think this is worth enough (quite complicated to read, but you learn a lot of things).
    But if you have some tools or advice you may recommend a beginner like me in securing a server) I would be grateful

    [edit] 4. I was testing my server with Nessus and find an issue about my shares :
    It was possible to log into the remote host using a NULL session.
    The concept of a NULL session is to provide a null username and
    a null password, which grants the user the 'guest' access

    To prevent null sessions, see MS KB Article Q143474 (NT 4.0) and
    Q246261 (Windows 2000).
    Note that this won't completely disable null sessions, but will
    prevent them from connecting to IPC$
    Please see
    It seems that there is a pb with this... So I found help on MS webSite and I put HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Ls a\restrictanonymous value to 2 according to : but I run again my nessus scanner and it still told me the same... is it an issue I have to care about ?

    Thks a lot