Firewalls are standards for every network, but they don't solve all problems. While they do a great job protecting a network of computers, they do very little for each individual server. This is where a helpful, yet rarely used, Windows 2000 Server feature can help you. TCP/IP filtering lets you configure special IP filters that determine the type of network traffic that reaches your computer.
You can specify which TCP or UDP ports and IP protocols are or aren't allowed into your server. While this is no substitute for a real firewall, it will make your network a little more secure.
Follow these steps to configure IP filters:
- Open the Network And Dial-Up Connections folder, right-click the network interface that you want to configure IP filters, and click Properties.
- Click Advanced, click the Options tab, then select TCP/IP Filtering in the Optional Settings list, and click Properties.
- Select the Enable TCP/IP Filtering check box.
- For each filter type (TCP, UDP, IP), you can permit all and deny only specified, or deny everything except the specified. (For instance, if you want to allow only TCP Port 80 to your computer, click Permit Only for all three filter types and then click Add for TCP Ports and specify port 80.)
- When you're finished, click OK to close the dialog box.
You should properly plan for TCP/IP filtering. Disabling everything except ports you explicitly define is secure because you know exactly what's open, making your network more secure than it would be if you had all ports open. However, when configuring IP filters, you must be very familiar with your network or some applications might stop working.
Miss a column?
Check out the Windows 2000 Server archive, and catch up on the most recent editions of Jim Boyce's column.
Want more Win2K tips and tricks? Automatically sign up for our free Windows 2000 Server newsletter, delivered each Tuesday!