windows ip security


IP Security for Windows 2000/2003

IPSec for Windows can significantly improve the security of a Windows server by closing ports that are normally left open for LAN use. Since you are running your server in a hosted, public environment, it is very important that you understand the security implications of leaving those ports open and of closing them.

In this tutorial, we will discuss the IPSec policy, implementation and configuration.

1.) What is IP Security? IP Security (IPSec) lets you define traffic rules per IP address for inbound and outbound traffic.

2.) Defining the purpose. By default, Windows leaves numerous ports open for its various functions, which were originally designed for LAN use. In a hosted environment we have no need for this type of communication and can essentially “close the door” on unwanted chatter and traffic, and, more importantly, on malicious traffic.


Below are the most common ports needed by standard hosted server applications and implementations:

20 FTP Data channel **
21 FTP
110 POP3
1433 MSSQL
3389 Remote Desktop

** It is more difficult to open dynamic port ranges using Windows IPSec. It can be done, but it is rather time consuming. Opening only the port 20 FTP data port listed above forces FTP users into a PASV mode connection.

An IPSec policy is a base set of rules, and one main rule is the most important of all: IP TRAFFIC ANY DENY.

Immediately you would think that this makes your server completely inaccessible, and you are right. But it is the base rule that should be written first. From here on we create rules that open (make exceptions to) our original rule.

Let’s locate/create and configure a new IPSec policy:

Start>Administrative Tools>Local Security Policy

Highlight/expand “IP Security Policies” on the left-hand side of the snap-in.

Right-click and choose “New Security Policy”

Name your policy something like “Internet Server Policy”

Next, add the initial rule of IP TRAFFIC ANY DENY

Add rules as necessary thereafter. Once you have completed your policy, right-click it and choose apply.
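The same policy can be built from the command line instead of the snap-in. The batch script below is an added example, not part of the original page: it uses the `netsh ipsec static` context of Windows Server 2003 (Windows 2000 did not ship netsh ipsec; it used ipsecpol.exe from the Resource Kit), creates the “Internet Server Policy” with the IP TRAFFIC ANY DENY base rule, and then adds the exceptions for the five ports listed above. The filter list, filter action and rule names are this example's own choices. Run it from the server console: while only the Deny All rule exists, an assigned policy would also drop the Remote Desktop session it was typed into.

```batch
@echo off
REM Added example (not from the original page): builds the "Internet Server Policy"
REM with netsh ipsec static on Windows Server 2003. Filter list, filter action and
REM rule names below are our own; the policy name is the one the tutorial uses.

SET POLICY=Internet Server Policy

REM 1. Create the policy. It stays unassigned until the last step.
netsh ipsec static add policy name="%POLICY%" description="Block all IP traffic except listed hosted services"

REM 2. The base rule: IP TRAFFIC ANY DENY.
REM    dstaddr=me is this server; mirrored=yes makes the filter match both directions.
netsh ipsec static add filterlist name="All IP Traffic"
netsh ipsec static add filter filterlist="All IP Traffic" srcaddr=any dstaddr=me protocol=ANY mirrored=yes
netsh ipsec static add filteraction name="Block" action=block
netsh ipsec static add rule name="Deny All" policy="%POLICY%" filterlist="All IP Traffic" filteraction="Block"

REM 3. Exceptions: one filter per port from the list above (20, 21, 110, 1433, 3389).
REM    Windows IPSec evaluates the most specific filter first, so a TCP/port filter
REM    takes precedence over the Any/Any filter of the Deny All rule.
netsh ipsec static add filterlist name="Hosted Services"
FOR %%P IN (20 21 110 1433 3389) DO (
    netsh ipsec static add filter filterlist="Hosted Services" srcaddr=any dstaddr=me protocol=TCP srcport=0 dstport=%%P mirrored=yes description="TCP %%P"
)
netsh ipsec static add filteraction name="Permit" action=permit
netsh ipsec static add rule name="Permit Hosted Services" policy="%POLICY%" filterlist="Hosted Services" filteraction="Permit"

REM 4. Review the finished policy, then assign it (the "apply" step in the snap-in).
netsh ipsec static show policy name="%POLICY%" level=verbose
netsh ipsec static set policy name="%POLICY%" assign=y
```

Two things to keep in mind when adapting this. First, the mirrored Any/Any block filter also stops traffic the server itself initiates (DNS lookups, for example), so any outbound service the server depends on needs its own permit filter under “add rules as necessary”. Second, after assigning the policy, confirm from another host that only the listed ports still answer, and that the Remote Desktop port 3389 is among them, before you close the console session.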