security-basics February 2008 archive

Windows firewall on active directory servers

From: Dani Houpt <dhoupt613_at_nospam>
Date: Wed Feb 06 2008 - 15:01:11 GMT
To: security-basics@securityfocus.com


All, I'm working for a large school and we are deploying a new AD Forest. By policy, they don't have firewalls between their internal network and their external network, but rather only have firewalls implemented on each server. The reason for this is that they are more concerned with their internal users (the students) than any host out on the Internet.

When deploying AD, we came up with an issue with using the Windows firewall on the AD servers. After more research, we found out that Microsoft does not recommend using the Windows firewall on AD servers. The issue has to do with limiting the RPC ports. The MS KB articles that we found specify to open 100 RPC ports but this does not seem to be enough.

Has anyone had to deploy a FW on an AD DC in a large domain/forest? If so, how did you manage the RPC settings and which FW did you use?

Thanks so much for your help!

-Dani Houpt
Dhoupt613 (at) gmail dot com

On 2/5/08, Yousef Syed <yousef.syed@gmail.com> wrote:
> I need some advice.
> I'm currently staying in an apartment complex that provides free
> wireless Internet access.
> The access has zero crypto - not even WEP.
>
> What can I do on my own Laptops (Mac OS X and Windows XP Pro) to make
> my browsing/internet usage more secure? I also want to ensure that no
> one else on the network is entering my systems.
>
> The Windows Laptop already has Kaspersky Internet Security and various
> spyware/adware checkers etc
>
> Thanks,
> ys
>
> --
> Yousef Syed
> CISSP
>
> http://www.linkedin.com/in/musashi
>
-- Sent from Gmail for mobile | mobile.google.com