Using Windows 2000 IP Security policy to close ports-web surfing

Hackers are mostly hacked through ports, so your server can only open the ports you need, so what ports do you need? Here are the common ports you can choose from:

80 for Web site service, 21 for FTP service, 25 for e-mail SMTP service, 110 for email POP3 service.

There are also SQL Server port 1433 and so on, you can find the relevant information on the Internet. Those unused ports must be closed! To close these ports, we can proceed through the Windows 2000 security policy.
With its security policy, it is entirely possible to prevent intruders from attacking. You can access it through the administrative tools → Local Security policy, right-click IP Security Policy, and choose Create IP Security Policy, click Next. Enter the name of the security policy, point [next], until you are done, and you create a security policy:

The next thing you do is right-click IP Security Policy, go to manage IP filters and filter actions, and in the Manage IP filter list You can add ports to block, for example, to turn off ICMP and port 139.

When ICMP is turned off, the hacker software cannot scan your machine without force scanning, nor can it ping your machine. The details of turning off ICMP are as follows: Click Add, and then enter "Turn off ICMP" in the name, add to the right of the point, and then click [Next]. In the source address, select any IP address, point [next]. Select My IP address in the destination address, and click Next. Select ICMP in the protocol, point [next]. Back to the Close ICMP Properties window, the ICMP is turned off.

Next we set off 139, also in the Admin IP Filter List midpoint "Add", the name is set to "Close 139", point to the right of "add", point [next]. Select any IP address in the source address, and click Next. Select My IP address in the destination address, and click Next. Select "TCP" in the protocol, point [next]. In the Settings IP protocol port Select from any port to this port, enter 139 in this port, point [next]. The 139 port is closed and the other ports are set.

Then go to the Settings Management filter action, click "Add", click [Next], enter "reject" in the name, and click [Next]. Select block, point [next].

Then close the property page, right-click the new IP Security policy security, and open the property page. Select Add in the rule, point [next]. Select "This rule does not specify a tunnel", point [next]. Select all network Connections in the Select network type, point [next]. Select "Turn off ICMP" in the IP filter list, and click Next. Select Reject in the filter action, point [next]. This allows you to add the "Turn off ICMP" filter to the IP security policy named security. In the same way, you can join other filters, such as "Close 139".

The last thing to do is to assign the policy, and it will only work when assigned. Right-click Security, select All tasks from the menu, and select Assign. IP Security is set to end, you can set the appropriate policy according to your own situation.

You can also turn off legendary ports: 5500,7000,7100,5100,5000,7200,16300,16301,16302,6000,5600,4900,10000 These ports to prevent players from reproducing the device's purpose, With the shell can also fully realize automatic break start after automatic restart, automatic operation.