Disable unnecessary ports for Windows 2003 Server security configuration

Source: Internet
Author: User

By default, many ports in Windows are open. When you access the Internet, network viruses and hackers can connect to your computer through these ports.
To harden your system, close these ports. They mainly include TCP 135, 139, 445, 593, 1025 and UDP 135, 137, 138, 445,
the backdoor ports of some widespread viruses (such as TCP 2745, 3127 and 6129),
and the remote service access port 3389.

The following describes how to disable these network ports in Windows XP/2000/2003:

Step 1: Click Start → Settings → Control Panel → Administrative Tools and double-click "Local Security Policy".
Select "IP Security Policies, on Local Computer", right-click a blank area in the right pane
and choose "Create IP Security Policy" from the shortcut menu (see the figure on the right). A wizard opens;
click "Next" and give the new security policy a name.
Click "Next" again to reach the "Requests for Secure Communication" screen and clear the "Activate the default response rule" checkbox.
Click "Finish" to create the new IP security policy.

Step 2: Right-click the new IP security policy and open its "Properties" dialog box.
Clear the "Use Add Wizard" checkbox,
then click "Add" to add a new rule.
The "New Rule Properties" dialog box appears;
click "Add" there to open the "IP Filter List" window.
In that window, again clear the "Use Add Wizard" checkbox,
then click "Add" on the right to add a new filter.

Step 3: In the "Filter Properties" dialog box, the first tab is Addressing.
Select "Any IP Address" as the source address
and "My IP Address" as the destination address.
Click the "Protocol" tab,
select "TCP" in the "Select a protocol type" drop-down list,
enter "135" in the "To this port" text box,
and click "OK".
This adds a filter that blocks the TCP 135 (RPC) port
and prevents external hosts from connecting to your computer through port 135.

Click "OK" to return to the filter list dialog box; you can see that a filter has been added.
Repeat the preceding steps to add TCP ports 137, 139, 445 and 593,
and UDP ports 135, 139 and 445.

Repeat the preceding steps to add blocking filters for TCP ports 1025, 2745, 3127, 6129 and 3389.

Once filters exist for all of the above ports, click "OK".

Step 4: In the "New Rule Properties" dialog box,
select "New IP Filter List";
a dot appears in the circle on the left,
indicating that the filter list is active. Click the "Filter Action" tab.
On the "Filter Action" tab, clear the "Use Add Wizard" checkbox
and click "Add" to add a "Block" action (see the figure on the right).
On the "Security Methods" tab of "New Filter Action Properties",
select "Block" and click "OK".

Step 5: Back in the "New Rule Properties" dialog box,
click "New Filter Action"; a dot appears in the circle on the left,
indicating that it is active. Click "Close" to close the dialog box
and return to the "New IP Security Policy Properties" dialog box.
Make sure the checkbox on the left of "New IP Filter List" is selected,
then click "OK" to close the dialog box. In the "Local Security Policy" window,
right-click the newly added IP security policy and select "Assign".

After the restart, the above network ports on the computer are closed,
and viruses and hackers can no longer connect to them, which protects your computer.
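The five GUI steps above can also be scripted. The following is an added example, not part of the original article, using the netsh ipsec static context that ships with Windows XP SP2 and Server 2003 and calling it from PowerShell; the policy, filter list, action and rule names are arbitrary choices. Because the list includes TCP 3389, run it from the console, otherwise it cuts off your own Remote Desktop session.

```powershell
# Added example, not from the original article: builds the blocking policy of Steps 1-5
# with "netsh ipsec static" instead of the Local Security Policy GUI.
# Assumes Windows Server 2003 / XP SP2 with PowerShell installed, run as Administrator.
$PolicyName = "BlockUnneededPorts"   # names chosen for this example
$ListName   = "BlockedPorts"
$ActionName = "BlockAction"

# Ports taken from the article: TCP 135, 139, 445, 593, 1025, the backdoor ports
# 2745, 3127, 6129 and RDP 3389; UDP 135, 137, 138, 445.
$Blocked = @{
    TCP = @(135, 139, 445, 593, 1025, 2745, 3127, 6129, 3389)
    UDP = @(135, 137, 138, 445)
}

function Invoke-IpsecStatic {
    # Runs one "netsh ipsec static" command and fails loudly instead of silently continuing.
    param([string[]]$Arguments)
    $out = & netsh.exe ipsec static @Arguments 2>&1
    if ($LASTEXITCODE -ne 0) { throw "netsh ipsec static $Arguments failed: $out" }
    $out
}

# Step 1: the policy, without the default response rule (the checkbox cleared in the GUI).
Invoke-IpsecStatic @("add", "policy", "name=$PolicyName", "activatedefaultrule=no")
# Step 2: an empty filter list that will hold one filter per port.
Invoke-IpsecStatic @("add", "filterlist", "name=$ListName")
# Step 3: each filter is "Any IP Address" -> "My IP Address", to the given port.
foreach ($proto in $Blocked.Keys) {
    foreach ($port in $Blocked[$proto]) {
        $filter = @("add", "filter", "filterlist=$ListName", "srcaddr=Any", "dstaddr=Me",
                    "protocol=$proto", "srcport=0", "dstport=$port", "mirrored=yes")
        Invoke-IpsecStatic $filter
    }
}
# Step 4: a filter action whose only job is to block.
Invoke-IpsecStatic @("add", "filteraction", "name=$ActionName", "action=block")
# Step 5: tie list and action together in a rule, then assign the policy.
Invoke-IpsecStatic @("add", "rule", "name=BlockRule", "policy=$PolicyName",
                     "filterlist=$ListName", "filteraction=$ActionName")
Invoke-IpsecStatic @("set", "policy", "name=$PolicyName", "assign=y")
# Confirm: the GUI shows the same policy with "Policy Assigned: Yes".
Invoke-IpsecStatic @("show", "policy", "name=$PolicyName")
```

To roll back if a needed port was blocked by mistake, `netsh ipsec static set policy name=BlockUnneededPorts assign=n` unassigns the policy without deleting it.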


Port 135 is mainly used by the Remote Procedure Call (RPC) protocol and provides the DCOM (Distributed Component Object Model) service. Through RPC, a program running on one computer can execute code on a remote computer; through DCOM, components communicate directly over the network and can exchange data across multiple transports, including HTTP.

Port 139 is used by the "NetBIOS Session Service" and mainly provides Windows file and printer sharing, as well as the Samba service on Unix. Sharing files on a Windows LAN requires this service.


The script for restarting the server is as follows:

shutdown /r /d p:4:1


Modify the Windows 2003 Remote Desktop port


Generally, a server cannot be restarted at will. You can therefore save the above command as a .bat file and use Windows Scheduled Tasks to run it at a fixed time.

1. Modify the port:

Simple procedure: open Start → Run, enter "regedit" to open the Registry Editor, and go to the following path:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp]

Find the PortNumber value. Its default is 3389 (switch the display to decimal); change it to the desired port, for example 60000.

2. Then open [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]

and change its PortNumber value (3389 by default) to 60000 as well.

Close the Registry Editor and restart your computer.

Note: the two PortNumber values must be the same for the new port to be in effect after the restart.

 
Test whether the port is listening on the local machine:

telnet localhost 60000

Run the same command against the server's address from another host to test whether remote port 60000 is reachable.

Reminder

If you change the remote port, you must also allow the new port through the firewall; otherwise you will not be able to access the remote server.
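The registry change, the matching-port check and the firewall reminder above, scripted as an added example that is not part of the original article. It assumes Windows Server 2003 SP1 or later with PowerShell installed and run as Administrator, and uses the article's sample port 60000; Test-TcpPort is a hypothetical helper that stands in for the telnet check.

```powershell
# Added example, not from the original article: sets the Remote Desktop port in both
# registry keys named above, checks that they match, and allows the new port through the
# Windows Server 2003 firewall. Assumes 2003 SP1+ with PowerShell, run as Administrator.
$TdsKey = "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp"
$RdpKey = "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp"

function Get-RdpPorts {
    # Returns both PortNumber values so a mismatch (the article's "Note") is visible.
    New-Object PSObject -Property @{
        Tds = (Get-ItemProperty -Path $TdsKey).PortNumber
        Rdp = (Get-ItemProperty -Path $RdpKey).PortNumber
    }
}

function Set-RdpPort {
    param([ValidateRange(1, 65535)][int]$Port)
    # Write the same DWORD to both keys; Terminal Services reads them after a restart.
    Set-ItemProperty -Path $TdsKey -Name PortNumber -Value $Port -Type DWord
    Set-ItemProperty -Path $RdpKey -Name PortNumber -Value $Port -Type DWord
    $p = Get-RdpPorts
    if ($p.Tds -ne $p.Rdp) { throw "PortNumber mismatch: Tds=$($p.Tds) RDP-Tcp=$($p.Rdp)" }
    # Open the new port before rebooting; with the firewall on, a forgotten rule locks you out.
    & netsh.exe firewall add portopening TCP $Port "Remote Desktop ($Port)" ENABLE | Out-Null
    $p
}

function Test-TcpPort {
    # Stand-in for "telnet localhost 60000" that works without the telnet client installed.
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch { return $false } finally { $client.Close() }
}

Set-RdpPort -Port 60000          # the article's sample port; reboot afterwards
# After the reboot: check locally, then from another host against the server's address.
Test-TcpPort -ComputerName localhost -Port 60000
```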
