Windows Tip Sheet
Lock Down Your Server
Back in your ports, you services!
Whenever I go to a new client, security is almost always a part of the job,
and server lockdown is almost always part of the plan. I’ve written before
on some of the ports and services required to operate Windows servers in various
roles (like domain controller), and you may be aware that Win2003 SP1 will offer
a new security wizard that makes the task even easier. The wizard uses an XML
file (provided by Microsoft) which details the various services and ports required
for different server roles (DNS server, domain controller, mail server, you
name it); tell the wizard what role a server is performing and it locks down
anything unnecessary.
Until the happy day when that tool arrives on the scene, however, check out
Microsoft Knowledge Base article 832017. It lists each system service, along with
every port that service uses and what each port does. For example, you can see
that the Local Security Authority (LSASS) uses TCP 3269 and 3268 for Global
Catalog queries, TCP and UDP 389 for LDAP queries, and so forth. The list of
services is exhaustive, and a description is provided for each service to help
you figure out if it’s something you need or not. It even tells you if
services are disabled by default, such as the nearly obsolete License Logging
Service.
Links are provided to other KB articles covering products like Exchange (various
versions), making this document a more comprehensive index of all services your
machines might be running.
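One way to put a port list like the one in KB 832017 to work, shown as an added example that is not part of the original column or of any Microsoft tool: compare what a server is actually listening on against the ports its role needs. The function names, the `$AllowedForRole` list (only the LSASS ports quoted above) and the sample `netstat -ano` rows are constructed for illustration; PowerShell 3.0 or later is assumed.

```powershell
# Added example. The allowlist holds only the LSASS ports quoted in the column;
# a real one would be built from the full service/port table in KB 832017.
$AllowedForRole = @('TCP/389', 'UDP/389', 'TCP/3268', 'TCP/3269')

function Get-Listener {
    param([string[]]$NetstatLines)
    foreach ($line in $NetstatLines) {
        $f = @(-split $line)    # split on whitespace, ignoring leading blanks
        if ($f.Count -lt 4 -or @('TCP', 'UDP') -notcontains $f[0]) { continue }
        # TCP rows: Proto Local Foreign State PID. UDP rows have no State column.
        if ($f[0] -eq 'TCP' -and $f[3] -ne 'LISTENING') { continue }
        # The port is whatever follows the last colon (also handles [::]:389).
        $port = [int]($f[1] -replace '^.*:', '')
        [pscustomobject]@{
            Protocol  = $f[0]
            Port      = $port
            OwningPid = [int]$f[-1]
            Key       = '{0}/{1}' -f $f[0], $port
        }
    }
}

function Find-UnexpectedListener {
    param([string[]]$NetstatLines, [string[]]$Allowed)
    # Keep only listeners whose protocol/port pair is not on the allowlist.
    Get-Listener $NetstatLines |
        Where-Object { $Allowed -notcontains $_.Key } |
        Sort-Object Key -Unique
}

# Constructed sample in `netstat -ano` layout (PIDs and the 8080/1434 rows are
# made up). On a live server use:  $lines = netstat -ano
$sample = @'
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:389            0.0.0.0:0              LISTENING       612
  TCP    0.0.0.0:3268           0.0.0.0:0              LISTENING       612
  TCP    0.0.0.0:3269           0.0.0.0:0              LISTENING       612
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       2044
  TCP    10.0.0.5:389           10.0.0.9:50112         ESTABLISHED     612
  UDP    0.0.0.0:389            *:*                                    612
  UDP    0.0.0.0:1434           *:*                                    1888
'@ -split "`r?`n"

Find-UnexpectedListener $sample $AllowedForRole |
    Format-Table Protocol, Port, OwningPid
```

Each row it reports is a listener to look up in the KB article and either add to the role's allowlist or trace back to a service that can be disabled.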
Cool Gadget
The Motorola E1060 packs a 1.3 megapixel VGA camera, Bluetooth and everything
else except the kitchen sink.
Okay, this isn’t something you (or I) are likely to rush out and get, but
it’s neat: Motorola announced their new E1060 3G cell phone. What’s neat
about it? It syncs music files with iTunes and other jukebox software, and
supports MPEG4, WMV/WMA and MP3 files. It’s a full-on media phone. Sadly,
some airlines still make you turn it off in flight.
About the Author
Don Jones is a multiple-year recipient of Microsoft’s MVP Award, and is Curriculum Director for IT Pro Content for video training company Pluralsight. Don is also a co-founder and President of PowerShell.org, a community dedicated to Microsoft’s Windows PowerShell technology. Don has more than two decades of experience in the IT industry, and specializes in the Microsoft business technology platform. He’s the author of more than 50 technology books, an accomplished IT journalist, and a sought-after speaker and instructor at conferences worldwide. Reach Don on Twitter at @concentratedDon, or on Facebook at Facebook.com/ConcentratedDon.