| Author |
Message |
Pat
Guest
|
 Posted:
Mon Oct 03, 2005 4:50 pm Post subject:
WIN2K3 SP1 for a web server I am deploying |
|
|
I have a WIN2K3 web server that will need port 80 and and SNMP open and maybe
SMTP, It's been security scanned and some services are being requested shut
off on this server
Epmap
Isakmp listen
Microsoft-ds
netbios-dgm
netbios-ns
netios-ssn
and ntp
Should I manually go in and disable these services or can WIN2K3 SP1 take
care of disabling these services if I use the security configuration tool and
choose web application server, will it lock or disable the services mentioned
for me with this process?
Thanks |
|
| Back to top |
|
 |
Eric Denekamp
Guest
|
| Posted:
Mon Oct 03, 2005 4:50 pm Post subject:
Re: WIN2K3 SP1 for a web server I am deploying |
|
|
AFAIK, the security configuration wizzard can take care and will take care
of this for you, and it is easier to turn back if you made an error.
Greetings
Eric
| Quote: | I have a WIN2K3 web server that will need port 80 and and SNMP open
and maybe SMTP, It's been security scanned and some services are being
requested shut off on this server
Epmap
Isakmp listen
Microsoft-ds
netbios-dgm
netbios-ns
netios-ssn
and ntp
Should I manually go in and disable these services or can WIN2K3 SP1
take care of disabling these services if I use the security
configuration tool and choose web application server, will it lock or
disable the services mentioned for me with this process?
Thanks
|
|
|
| Back to top |
|
|
Pat
Guest
|
| Posted:
Mon Oct 03, 2005 4:50 pm Post subject:
Re: WIN2K3 SP1 for a web server I am deploying |
|
|
so it will effectively disable all services and processes mentioned?
thanks
"Eric Denekamp" wrote:
| Quote: | AFAIK, the security configuration wizzard can take care and will take care
of this for you, and it is easier to turn back if you made an error.
Greetings
Eric
I have a WIN2K3 web server that will need port 80 and and SNMP open
and maybe SMTP, It's been security scanned and some services are being
requested shut off on this server
Epmap
Isakmp listen
Microsoft-ds
netbios-dgm
netbios-ns
netios-ssn
and ntp
Should I manually go in and disable these services or can WIN2K3 SP1
take care of disabling these services if I use the security
configuration tool and choose web application server, will it lock or
disable the services mentioned for me with this process?
Thanks
|
|
|
| Back to top |
|
|
Eric Denekamp
Guest
|
| Posted:
Mon Oct 03, 2005 4:50 pm Post subject:
Re: WIN2K3 SP1 for a web server I am deploying |
|
|
Well, uhhh
Yes it wil LET YOU decide what is going on on your systems in an easier way
than going in yourself, But YOU make the decision WHAT will be disabled.
good luck.
Eric
| Quote: | so it will effectively disable all services and processes mentioned?
thanks
"Eric Denekamp" wrote:
AFAIK, the security configuration wizzard can take care and will take
care of this for you, and it is easier to turn back if you made an
error.
Greetings
Eric
I have a WIN2K3 web server that will need port 80 and and SNMP open
and maybe SMTP, It's been security scanned and some services are
being requested shut off on this server
Epmap
Isakmp listen
Microsoft-ds
netbios-dgm
netbios-ns
netios-ssn
and ntp
Should I manually go in and disable these services or can WIN2K3 SP1
take care of disabling these services if I use the security
configuration tool and choose web application server, will it lock
or
disable the services mentioned for me with this process?
Thanks
|
|
|
| Back to top |
|
|
Roger Abell [MVP]
Guest
|
| Posted:
Tue Oct 04, 2005 8:51 am Post subject:
Re: WIN2K3 SP1 for a web server I am deploying |
|
|
and, in addition to Eric's response, you really have not told us
whether you will need to use the domain member role . . .
which will have impact on ports left open
I would suggest using SCW first, and then after the fact adjusting
the assigned IPsec policy so that only the few desired ports are
allowed, and those other than Tcp 80/443 allowed only with the
particular IPs (especially for SNMP!).
"Pat" <Pat@discussions.microsoft.com> wrote in message
news:29CDB57B-BD28-4B06-8A22-62A869DD7DDE@microsoft.com...
| Quote: | so it will effectively disable all services and processes mentioned?
thanks
"Eric Denekamp" wrote:
AFAIK, the security configuration wizzard can take care and will take
care
of this for you, and it is easier to turn back if you made an error.
Greetings
Eric
I have a WIN2K3 web server that will need port 80 and and SNMP open
and maybe SMTP, It's been security scanned and some services are being
requested shut off on this server
Epmap
Isakmp listen
Microsoft-ds
netbios-dgm
netbios-ns
netios-ssn
and ntp
Should I manually go in and disable these services or can WIN2K3 SP1
take care of disabling these services if I use the security
configuration tool and choose web application server, will it lock or
disable the services mentioned for me with this process?
Thanks
|
|
|
| Back to top |
|
|
Pat
Guest
|
| Posted:
Tue Oct 04, 2005 4:51 pm Post subject:
RE: WIN2K3 SP1 for a web server I am deploying |
|
|
Hi, sorry about that it's a straight web/app server
I am opting for the firewall changes instead of the configuration wizard
But I am running into issues
I can block the ports mentioned in my original post fine but when I try to
allow certain ports I am having issues
SNMP: I HAVE ALLOWED PORTS 161,162 BOTH UDP AND TCP UNDER EXCEPTIONS
When I do scan it shows these ports still being blocked
SSL: I HAVE ALLOWED PORT 443 UNDER EXCEPTIONS
When I do a scan these ports still be blocked
How do I allow SNMP and SSL traffic to this server beyond what I have
already tried?
"Pat" wrote:
| Quote: | I have a WIN2K3 web server that will need port 80 and and SNMP open and maybe
SMTP, It's been security scanned and some services are being requested shut
off on this server
Epmap
Isakmp listen
Microsoft-ds
netbios-dgm
netbios-ns
netios-ssn
and ntp
Should I manually go in and disable these services or can WIN2K3 SP1 take
care of disabling these services if I use the security configuration tool and
choose web application server, will it lock or disable the services mentioned
for me with this process?
Thanks |
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in