Q

I would like to make my workstation more secure by closing ports that I don't need - what is the bes

I would like to make my workstation more secure by closing ports that I don't need. My machine is running Windows

2000 professional and in the TCP/IP filtering options I allowed 20,21,23, and 80 (for telnet, ftp, and http).

My problem is with ftp: While I can connect to a ftp-server (log in works fine), the response to the "ls" command is the following: ftp> ls
200 PORT command successful.
425 Can't build data connection: Connection refused.
ftp>

As far as I can tell, the "cd" command is working fine, if you know the right directories (it shows an error if the directory does not exist). When I disable TCP/IP filtering on my PC, everything works fine. I actually only want to block a few ports below 1024 in regards to recently discovered vulnerabilities of Windows, but with the way Windows 2000 has implemented port-filtering this seems not to be possible.
The best security practice is to create a "Deny All" filter and then create an "Allow" filter for the specific ports you want to open on your system. By default the "Any" filter allows access to all the ports. Your FTP problem seems to be a misconfiguration issue. On the other hand you can achieve Port level security by installing filtering software or Personal Firewalls like IP/PORT Blocker and ZoneAlarm. They do a fantastic job.

This was first published in October 2003

Dig deeper on Network Security Monitoring and Analysis

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchSDN

SearchEnterpriseWAN

SearchUnifiedCommunications

SearchMobileComputing

SearchDataCenter

SearchITChannel

Close