Windows Server2008 Disable Local ports

Windows Server 2008 Disables local ports

Windows system By default many ports are open. By shutting down certain ports, you can improve the security of your Windows system to some extent, especially for servers.

The command "Netstat-an" allows you to know which port the system is currently listening on.

On Windows Server 2008 systems, there are two ways to disable a local port:

1, through Windows Firewall (relatively simple, easy to set up)

2, through the IP Security policy (more complex, powerful, do not rely on firewalls)

First, disable ports through Windows Firewall:

1, click the "Control Panel-windows Firewall" to ensure that Windows Firewall is enabled. Click "Advanced Settings" in the left column and the Windows Firewall Advanced Configuration window will be automatically ejected.

2, click on "Inbound Rules", and then click "New Rule ...", select the type of rule you want to create in the wizard window, choose "Port" here, click "Next".

3, next select the type of network you want to disable (TCP or UDP), in the "specific local port" write to the port you want to disable, such as "80", and then the next step. Select "Block Connection", next, apply the rule to see the situation change, can maintain the same, continue next, fill in the name "Disable 80 port", click Finish.

4, here should be completed, by default, the new rule will be directly enabled. If not, then right-click "Enable rule".

Disabling ports via IP Security Policy:

1, click "Control Panel-Administrative Tools" to open "local security policy." Click "IP Security Policy on local computer" in the left column, then right-click in the right margin and select "Create IP Security Policy" to eject the IP Security Policy Wizard.

2. Next, fill in the name "Disable 80 port Policy", then next, do not change, continue next, click Finish.

3, the System Pop-up "Properties" dialog box. Cancel the "Use Add Wizard" Check in the lower-right corner, and then click Add. The new Rule Properties dialog box pops up, clicks Add, pops up the IP filter list, fills in the name "Disable port 80", cancels the "Use Add Wizard" Check in the page, and then points to "add", which pops up " IP Filter Properties.

4, enter the "Filter Properties" dialog box, the source address selected "Any IP address", the target address selected "My IP address." Next click on the "Protocol" tab, select "TCP" in "Select protocol type", fill in "80" on this port, then click on the "description" tab, fill out the description "Disable 80" and click "OK".

5. In the New Rule Properties dialog box, select "Disable Port 80" and click the checkbox to the left of it to indicate that it has been activated. Then click on the Filter Action tab, cancel the "Use Add Wizard" Check, click the "Add" button, in the "New Filter Action Properties" of the Security Method tab, select Block, and then click OK. Then click the checkbox to the left of "block action" and click "OK".

6, the last "New IP Security Policy Properties" dialog box, in the "Disable 80 port policy" to the left of the hook, press OK to close the dialog box. In the Local Security Policy window, right-click the newly added IP Security policy and select Assign.