dslreports logo

It doesn't matter if you are running Apache or IIS, Windows leaves a lot of vulnerable ports open.

Check which of your ports are open by going to this site's port scan tool /scan

In security, you want to adopt a "belt and suspenders" approach to most things. In this case you may want to use second second port scan tool. A well known port scan tool you can try is ShieldsUP! at »www.grc.com/ (skip through the cover page by clicking the ShieldsUP! logo then find the link for the test, about halfway down the page, click through the disclaimer, then click "all service ports").

If you are running Windows 2000 Server, Windows 2000 Professional, Windows 2003 Server, or Windows XP Professional, you can use the built in IPsec facility to make a packet filter. The IPsec facility allows you very granular filtering: by IP address, port, and protocol.

If you have XP Home, you can't set up an IPsec packet filter. Your best move is to upgrade to XP SP2 and use its built-in firewall.

If you are running a public web server you really should consider one, even if you already have a firewall.

To setup an IPsec packet filter on Windows 2003 Server see »www.microsoft.com/techne ··· 159.mspx
For more information, including Windows 2000 Server, see »www.microsoft.com/techne ··· cld.mspx

You should also consider using a packet filter if you take your laptop to public hotspots, or you move it between the network at home and the network at work.

There's no substitute for keeping your system up to date: Windows Update is your friend. Run it at least once a week on your production servers, and set all your clients to install patches automatically.


Expand got feedback?

by big greg See Profile
last modified: 2005-11-04 14:23:17