server security

Hi,

i have setup 2003 AD for a customer. they came back to me saying: they
wanted to close those unnecessary network ports on the domain controller that
will not be used, somehow is OS hardening. Customer claims that the windows
OS open all ports and is vulnerable.
Is there a practice on how network port can be closed at the OS level by
deciding what ports to be used or not?

how can i explain better to my customer?? i never heard of OS hardening on
port level.

im grateful if u can give some advice

cheers,
chua

Please use the provided information

Microsoft Solution for Securing Windows 2000 Server
http://www.microsoft.com/technet/sec...k/default.mspx

Windows Server 2003 Security Guide
http://www.microsoft.com/technet/sec...hg/sgch00.mspx

....hope this helps
_Edwin_

"steve" wrote:

> Hi,
>
> i have setup 2003 AD for a customer. they came back to me saying: they
> wanted to close those unnecessary network ports on the domain controller that
> will not be used, somehow is OS hardening. Customer claims that the windows
> OS open all ports and is vulnerable.
> Is there a practice on how network port can be closed at the OS level by
> deciding what ports to be used or not?
>
> how can i explain better to my customer?? i never heard of OS hardening on
> port level.
>
> im grateful if u can give some advice
>
> cheers,
> chua

Hi edwin,

thanks for the link, i have briefly go thru before, but i dun think they
mention any about closing ports. Do microsoft recommends ports to be closed
if not in used?

steve



"Edwin vMierlo" wrote:

> Please use the provided information
>
> Microsoft Solution for Securing Windows 2000 Server
> http://www.microsoft.com/technet/sec...k/default.mspx
>
> Windows Server 2003 Security Guide
> http://www.microsoft.com/technet/sec...hg/sgch00.mspx
>
> ...hope this helps
> _Edwin_
>
> "steve" wrote:
>
> > Hi,
> >
> > i have setup 2003 AD for a customer. they came back to me saying: they
> > wanted to close those unnecessary network ports on the domain controller that
> > will not be used, somehow is OS hardening. Customer claims that the windows
> > OS open all ports and is vulnerable.
> > Is there a practice on how network port can be closed at the OS level by
> > deciding what ports to be used or not?
> >
> > how can i explain better to my customer?? i never heard of OS hardening on
> > port level.
> >
> > im grateful if u can give some advice
> >
> > cheers,
> > chua

Maybe this one is the one you need:

How to harden the TCP/IP stack against denial of service attacks in Windows
Server 2003
http://support.microsoft.com/kb/324270/en-us



"steve" wrote:

> Hi edwin,
>
> thanks for the link, i have briefly go thru before, but i dun think they
> mention any about closing ports. Do microsoft recommends ports to be closed
> if not in used?
>
> steve
>
>
>
> "Edwin vMierlo" wrote:
>
> > Please use the provided information
> >
> > Microsoft Solution for Securing Windows 2000 Server
> > http://www.microsoft.com/technet/sec...k/default.mspx
> >
> > Windows Server 2003 Security Guide
> > http://www.microsoft.com/technet/sec...hg/sgch00.mspx
> >
> > ...hope this helps
> > _Edwin_
> >
> > "steve" wrote:
> >
> > > Hi,
> > >
> > > i have setup 2003 AD for a customer. they came back to me saying: they
> > > wanted to close those unnecessary network ports on the domain controller that
> > > will not be used, somehow is OS hardening. Customer claims that the windows
> > > OS open all ports and is vulnerable.
> > > Is there a practice on how network port can be closed at the OS level by
> > > deciding what ports to be used or not?
> > >
> > > how can i explain better to my customer?? i never heard of OS hardening on
> > > port level.
> > >
> > > im grateful if u can give some advice
> > >
> > > cheers,
> > > chua