"Merman" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Does Microsoft have any documents on what ports are being used by the Server
> Family products they have in the market?
>
> I think this would be a great material for network administrators especially
> when they would like to enforce their firewall.

Simas covered the port issue itself, but I also want to mention that I think
there might be some general misconceptions concerning firewalls.
1. You don't block things on the LAN itself. Ports don't
"self-exist",..they are associated with running applications or
services,...so if you don't want something being used, then don't have it
running,..or use the security abilities within the Application itself or
with NTFS permissions to control which user has access,...that isn't done
with a "firewall".
Host-based Firewalls (like the Windows Firewall) are best used in "home
user" situations where their machine may be directly exposed to the Internet
while running Public IP#s (such as dialup Internet connection). Contrary to
others' views, I do not recommend that host-based firewalls should be run
within a LAN that is already protected at the network edge and is already
running RFC Private Addresses that are already incompatible with and
unreachable from the Internet.
2. Firewalls are "edge devices" and the LANs are (or should be) running RFC
Private Addresses and are therefore incompatible with and unreachable from
the Internet. So there is "nothing to block" if the thing isn't even
reachable in the first place. Firewalls don't listen on any ports by
default,...they are 100% "outbound-only". The only inbound traffic that
would be listened for would be if the Admin setup a Static NAT ("publishing"
if using a proxy) for a particular "service" on the LAN that he wanted
available to the outside. Obviously if he did that, he wants it to be
contacted and therefore you wouldn't block it.
In the last few years with the "hyped-up" popularity of so-called
"firewalls",..there is way too much of the idea out there that says, "If you
want security,...slap a "firewall" on it", which by the flip-side of that
implies that if you don't have a firewall then you are somehow
"insecure",...which is not true.
Firewalls are only one particular security "tool" for certain particular
"situations".
And I think *that* is something great for Administrators to understand
rather than simply knowing what "port#" is generally/mostly/probably
associated with what particular Application/Service/OS function.
--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html
Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/t...dance/2004.asp
http://www.microsoft.com/isaserver/t...dance/2000.asp
Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/pro...isaserver.mspx
-----------------------------------------------------
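
Added example, not part of the original post: point 1 above says ports are tied to running applications and services, so this PowerShell inventory maps each listening TCP port on a Windows host to its owning process and services. It assumes Windows 8 / Server 2012 or later (for Get-NetTCPConnection) and an elevated session; the column names are chosen here for illustration.

```powershell
# Added example (not from the original post): list every listening TCP port
# with the process and Windows services that own it.
# Needs Get-NetTCPConnection (Windows 8 / Server 2012 or later); run elevated
# so processes owned by other accounts resolve to a name.

# Index services by hosting process ID; one svchost.exe can host several.
# -AsString makes the keys strings so the lookup below is type-safe.
$servicesByPid = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    Group-Object -Property ProcessId -AsHashTable -AsString

# Addresses treated as loopback-only in this example.
$loopback = @('127.0.0.1', '::1')

Get-NetTCPConnection -State Listen |
    Sort-Object -Property LocalPort, LocalAddress |
    ForEach-Object {
        $ownerPid = [string]$_.OwningProcess
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue

        # Collect the names of all services hosted by this process, if any.
        $svcNames = ''
        if ($servicesByPid -and $servicesByPid.ContainsKey($ownerPid)) {
            $svcNames = ($servicesByPid[$ownerPid].Name | Sort-Object) -join ', '
        }

        [pscustomobject]@{
            Port     = $_.LocalPort
            Address  = $_.LocalAddress
            # Loopback-only listeners cannot be reached from other hosts.
            Scope    = if ($loopback -contains $_.LocalAddress) { 'loopback' } else { 'network' }
            PID      = $_.OwningProcess
            Process  = if ($proc) { $proc.ProcessName } else { '(unknown)' }
            Services = $svcNames
        }
    } |
    Format-Table -AutoSize
```

Any row whose service is not needed is a candidate for stopping and disabling the service, which removes the listener itself.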