Problem solve Get help with specific problems with your technologies, process and projects.

I would like to make my workstation more secure by closing ports that I don't need - what is the bes

I would like to make my workstation more secure by closing ports that I don't need. My machine is running Windows...

2000 professional and in the TCP/IP filtering options I allowed 20,21,23, and 80 (for telnet, ftp, and http).

My problem is with ftp: While I can connect to a ftp-server (log in works fine), the response to the "ls" command is the following: ftp> ls
200 PORT command successful.
425 Can't build data connection: Connection refused.

As far as I can tell, the "cd" command is working fine, if you know the right directories (it shows an error if the directory does not exist). When I disable TCP/IP filtering on my PC, everything works fine. I actually only want to block a few ports below 1024 in regards to recently discovered vulnerabilities of Windows, but with the way Windows 2000 has implemented port-filtering this seems not to be possible.
The best security practice is to create a "Deny All" filter and then create an "Allow" filter for the specific ports you want to open on your system. By default the "Any" filter allows access to all the ports. Your FTP problem seems to be a misconfiguration issue. On the other hand you can achieve Port level security by installing filtering software or Personal Firewalls like IP/PORT Blocker and ZoneAlarm. They do a fantastic job.

This was last published in October 2003

Dig Deeper on Network Security Monitoring and Analysis

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.