Why TCP/IP filtering is so important from security point of view and how do I configure TCP/IP filtering feature in my Windows 2000?
Why TCP/IP filtering is so important from security point of view and how do I configure TCP/IP filtering feature in my Windows 2000?
TCP/IP Filtering feature is the most simple and most powerful methods of controlling inbound access.
TCP/IP Filtering is useful from a security standpoint because it works in Kernel mode. In contrast, other methods of controlling inbound access to Windows 2000-based computers, such as by using the IPSec Policy filter and the Routing and Remote Access server, depend on User-mode processes or the Workstation and Server service.
If you want to control inbound and outbound TCP/IP access, you can layer your TCP/IP inbound access control scheme by using TCP/IP Filtering with IPSec filters and Routing and Remote Access packet filtering.
TCP/IP Security controls only inbound access.
To configure TCP/IP security:
- Click Start >> point to Settings >> click Control Panel >> Double-click Network and Dial-up Connections.
- Right-click the interface on which you want to configure inbound access control, and then click Properties.
- In the Components checked are used by this connection box, click Internet Protocol (TCP/IP) , and then click Properties.
- In the Internet Protocol (TCP/IP) Properties dialog box, click Advanced.
- Click the Options tab.
- Click TCP/IP filtering , and then click Properties.
- Select the Enable TCP/IP Filtering (All adapters) check box. When you select this check box, you enable filtering for all adapters, but you configure the filters on a per-adapter basis. The same filters do not apply to all adapters.
>There are three columns with the following labels:
- TCP Ports
- UDP Ports
- IP Protocols
In each column, you must select either of the following options:
[*]Permit All :- If you want to permit all packets for TCP or UDP traffic, leave Permit All activated.
[*]Permit Only :- If you want to allow only selected TCP or UDP traffic, click Permit Only , click Add , and then type the appropriate port in the Add Filter dialog box.
Bookmarks