Ask the Expert

I would like to make my workstation more secure by closing ports that I don't need - what is the bes

I would like to make my workstation more secure by closing ports that I don't need. My machine is running Windows 2000 Professional, and in the TCP/IP filtering options I allowed 20, 21, 23, and 80 (for telnet, ftp, and http).

My problem is with ftp: While I can connect to an FTP server (log in works fine), the response to the "ls" command is the following:

ftp> ls
200 PORT command successful.
425 Can't build data connection: Connection refused.
ftp>

As far as I can tell, the "cd" command is working fine, if you know the right directories (it shows an error if the directory does not exist). When I disable TCP/IP filtering on my PC, everything works fine. I actually only want to block a few ports below 1024 with regard to recently discovered vulnerabilities of Windows, but with the way Windows 2000 has implemented port filtering this seems not to be possible.

The best security practice is to create a "Deny All" filter and then create an "Allow" filter for the specific ports you want to open on your system. By default, the "Any" filter allows access to all the ports. Your FTP problem seems to be a misconfiguration issue. On the other hand, you can achieve port-level security by installing filtering software or personal firewalls like IP/PORT Blocker and ZoneAlarm. They do a fantastic job.
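
An added example, not part of the original question or answer: in active-mode FTP the server opens the data connection back to the port the client announced in its PORT command, while in passive mode the client connects out to the server. Assuming the workstation's filter matches inbound connections on their local port, this Python sketch decodes both forms and checks the announced port against the allow list from the question; the control-channel lines and addresses are constructed samples.

```python
import re

# Ports permitted in the question's TCP/IP filtering list
# (assumption: the filter matches inbound connections on the local port).
ALLOWED_LOCAL_TCP_PORTS = {20, 21, 23, 80}

def parse_host_port(arg):
    """Decode the h1,h2,h3,h4,p1,p2 tuple used by PORT and by the 227 PASV reply."""
    m = re.search(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})", arg)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in %r" % arg)
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % arg)
    # The port is sent as two bytes: high byte p1, low byte p2.
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def data_connection(control_line, allowed=ALLOWED_LOCAL_TCP_PORTS):
    """Return (direction, workstation_local_port_or_None, permitted_by_inbound_filter)."""
    _, port = parse_host_port(control_line)
    if control_line.upper().startswith("PORT"):
        # Active mode: the server connects IN to the port the client announced.
        return ("inbound", port, port in allowed)
    if control_line.startswith("227"):
        # Passive mode: the client connects OUT to the server's port, so an
        # inbound-only filter on the workstation is not consulted.
        return ("outbound", None, True)
    raise ValueError("not a PORT command or 227 reply")

if __name__ == "__main__":
    # Constructed control-channel lines (addresses from documentation ranges).
    for line in ("PORT 192,0,2,10,4,210",
                 "227 Entering Passive Mode (198,51,100,5,195,80)"):
        print(line, "->", data_connection(line))
```

With the allow list from the question, the announced active-mode port (1234 in the sample) is not permitted, which matches the 425 reply after "PORT command successful"; the control connection and commands such as "cd" never need an inbound data connection.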

This was first published in October 2003
