lock down: what are the only ports you need open

El Nacho

Noobie Cheese
Joined
Jan 22, 2002
Messages
2,258
Locking down some laptops at work and I'm having trouble finding this info. What are the only ports you need to leave open for general Windows 2000 use? I know port 80...but what else?
 

FLECOM

Modder(ator) & [H]ardest Folder Evar
Staff member
Joined
Jun 27, 2001
Messages
15,739
80 would be general use if it was a webserver...

if it's really "general" use then it really shouldn't need ANY ports open

...wait, do you mean outgoing? or incoming?
 

SJConsultant

2[H]4U
Joined
Jan 14, 2004
Messages
3,600
El Nacho said:
Locking down some laptops at work and I'm having trouble finding this info. What are the only ports you need to leave open for general Windows 2000 use? I know port 80...but what else?

What are you using to lock down the laptops? What is the typical use of the laptops?
 

El Nacho

Noobie Cheese
Joined
Jan 22, 2002
Messages
2,258
Norton firewall (whatever the newer one is). These laptops are used for our sales guys. When they are in the office they are on a domain and the firewall turns itself off. On the road, the firewall turns itself on. The only thing that they use that needs the internet is IE.

I guess what I'm asking is: are there any Windows components that have to access the internet if you are using an internet connection? I haven't worked on this project in about a month, but I recall trying to only allow traffic on port 80 and I couldn't get IE to connect.

This would be for both incoming and outgoing ports.
 

draconius

2[H]4U
Joined
Apr 8, 2002
Messages
2,081
I don't know if that Norton thing does stateful inspection, because if it does, you can simply just block all incoming, and only allow out ports 80 and possibly 25 if they need to send mail (should be using webmail on the road anyway) and keep state on outgoing connections so they are allowed back in, and ta-da, semi locked down... Then you still have to deal with the fact that there are so many IE vulns released all the time that you really have not improved your security that much for the travelling users, as they might be jumping to network segments where viruses / worms abound.
</rant>
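
The policy described in the post above (block all incoming, allow out 80 and 25, keep state so replies are let back in), modelled as an added example that is not part of the original thread and is not how Norton's product is implemented. The class name, sample packets and addresses are constructed for illustration.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    direction: str    # "out" = leaving the laptop, "in" = arriving at it
    proto: str        # "tcp" or "udp"
    local_port: int
    remote_ip: str
    remote_port: int

# Outbound destinations named in the post: web (80) and, optionally, mail (25).
ALLOWED_OUT = {("tcp", 80), ("tcp", 25)}

class StatefulFilter:
    """Hypothetical model: default-deny both ways, with a connection table."""

    def __init__(self, allowed_out):
        self.allowed_out = set(allowed_out)
        self.state = set()  # flows that were opened from the inside

    def decide(self, p: Packet) -> str:
        flow = (p.proto, p.local_port, p.remote_ip, p.remote_port)
        if p.direction == "out":
            if (p.proto, p.remote_port) in self.allowed_out:
                self.state.add(flow)  # remember it so the reply can return
                return "allow"
            return "drop"
        # Inbound traffic passes only if it matches a tracked outbound flow.
        return "allow" if flow in self.state else "drop"

def run_samples():
    fw = StatefulFilter(ALLOWED_OUT)
    samples = [  # constructed packets, documentation address ranges
        Packet("out", "tcp", 1050, "192.0.2.10", 80),     # browser request
        Packet("in", "tcp", 1050, "192.0.2.10", 80),      # reply to that request
        Packet("in", "tcp", 445, "198.51.100.7", 3021),   # unsolicited inbound
        Packet("in", "tcp", 1050, "198.51.100.7", 80),    # right ports, wrong host
        Packet("out", "udp", 1051, "192.0.2.53", 53),     # not on the allow list
    ]
    return [fw.decide(p) for p in samples]

if __name__ == "__main__":
    for verdict in run_samples():
        print(verdict)
```

Anything the laptop sends that is not on the outbound allow list is dropped as well, so every protocol the browser depends on has to be listed explicitly.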
 

El Nacho

Noobie Cheese
Joined
Jan 22, 2002
Messages
2,258
They will use Citrix (NFuse) to access their email. I wish I could get the company to use Firefox, as it would help. I have already done some testing this morning, and IE won't connect unless 20 other ports are open. I'll make a list when I get back in the office.
 