The terms “server” and “network” go hand-in-hand. Without a
network, a server is essentially useless. Putting a server on a network means
opening ports on that server to listen and respond to incoming requests, but
every port you open can lead to potential security problems.

It’s a good idea to closely monitor the ports that are open
on a server in order to identify unwanted or rogue services, and identify other
services that can be shut down to improve security. One tool you can use to
monitor open ports is the netstat command, included
with Windows 2000 Server.

To identify ports with netstat,
open a command console and type the following command: netstat -a. To view IP address for local and remote addresses rather
than host names, add the -n switch: nestat -an. If you only want to view active connections and not
listening ports, use the netstat command without any

There are other tools you can use in addition to netstat to monitor your server’s ports. For example, GFI LANguard Network Security Scanner is a
great tool for analyzing and monitoring the network. You can download a trial
copy before buying. Or, have a look at GFI’s
stripped-down freeware version, also available by download.

Miss a tip?

Check out the Windows 2000 Server Archive,
and catch up on the most recent tips from this newsletter.

Want more Win2K tips
and tricks? Automatically
sign up for our free Windows 2000 Server newsletter
, delivered each