"Yosemite Sam" <Yosemite.Sam@gsaa.com> wrote in message
news:eiVAokqpEHA.3980@TK2MSFTNGP12.phx.gbl...
> If I shut down almost everything else is NT 4.0 (fully patched) secure
> enough to run FTP and www on one box that has no other job function.
> I have it in a DMZ with firewall on each side. I can access it from
inside
> net via FTP if that is necessary to maintain security
> I thought about blocking all but:
> 80 udp
> 80 tcp
> 21 tcp
> 21 udp
> on the adapter advanced properties.
> On adapter advanced propertis there is a udp ports tcp ports and protocols
> list with allow/deny for each, and protocols expects an interger between
0-9
> I think it was.
>
> Q: What values in protocols should be allowed or blocked. Default on
NT4.0
> is of course allow all.
>
> Q: Should I leave more ports open for FTP passive mode?
>
> Q: If so what ports?
>
> Q: What ports need to be open if I wanted to use explorer from another
> machine to access the server from inside the DMZ to post files to be
> downloaded, if that isn't too risky.
>
> TIA
>
> Sam
>
>

<Yosemite.Sam@gsaa.com> wrote:

>If I shut down almost everything else is NT 4.0 (fully patched) secure
>enough to run FTP and www on one box that has no other job function.
>I have it in a DMZ with firewall on each side. I can access it from inside
>net via FTP if that is necessary to maintain security
>I thought about blocking all but:
>80 udp
>80 tcp
>21 tcp
>21 udp
>on the adapter advanced properties.
>On adapter advanced propertis there is a udp ports tcp ports and protocols
>list with allow/deny for each, and protocols expects an interger between 0-9
>I think it was.
>
>Q: What values in protocols should be allowed or blocked. Default on NT4.0
>is of course allow all.
>
>Q: Should I leave more ports open for FTP passive mode?
>
>Q: If so what ports?
>
>Q: What ports need to be open if I wanted to use explorer from another
>machine to access the server from inside the DMZ to post files to be
>downloaded, if that isn't too risky.