Firewalls are standard on every network, but they don't solve all problems. While they do a great job of protecting a network of computers, they do very little for each individual server. This is where a helpful, yet rarely used, Windows 2000 Server feature can help you. TCP/IP filtering lets you configure special IP filters that determine the type of network traffic that reaches your computer.

You can specify which TCP or UDP ports and IP protocols are or aren't allowed into your server. While this is no substitute for a real firewall, it will make your network a little more secure.

Follow these steps to configure IP filters:

  1. Open the Network And Dial-Up Connections folder, right-click the network interface for which you want to configure IP filters, and click Properties.
  2. Click Advanced, click the Options tab, then select TCP/IP Filtering in the Optional Settings list, and click Properties.
  3. Select the Enable TCP/IP Filtering check box.
  4. For each filter type (TCP, UDP, IP), you can permit all and deny only those specified, or deny everything except those specified. (For instance, if you want to allow only TCP port 80 to your computer, click Permit Only for all three filter types and then click Add for TCP Ports and specify port 80.)
  5. When you're finished, click OK to close the dialog box.

You should plan TCP/IP filtering carefully. Disabling everything except the ports you explicitly define is secure because you know exactly what's open, making your network more secure than it would be if you had all ports open. However, when configuring IP filters, you must be very familiar with your network, or some applications might stop working.
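
One way to do that planning before enabling the filter is to compare the ports the server is already listening on with the Permit Only lists you intend to enter. The following is an added example, not part of the original tip: it parses a constructed sample of `netstat -an` output and applies the article's "Permit Only, TCP port 80" plan. The sample output, the function names and the `PLAN` structure are assumptions made for illustration, and the IP protocol list is not modeled.

```python
import re

# Constructed sample of `netstat -an` output from a hypothetical server.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    10.0.0.5:80            10.0.0.77:1842         ESTABLISHED
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  UDP    0.0.0.0:161            *:*
  UDP    10.0.0.5:137           *:*
"""

# proto, local address, local port, foreign address, optional state (TCP only)
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def listeners(netstat_text):
    """Return {(proto, port)} for sockets that accept traffic from the network."""
    found = set()
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # headers and blank lines
        proto, addr, port, _foreign, state = m.groups()
        if addr.startswith("127."):
            continue  # loopback-only socket, not reachable from outside
        if proto == "TCP" and state != "LISTENING":
            continue  # established connections are not listeners
        found.add((proto, int(port)))
    return found

def blocked_by_plan(netstat_text, permit_only):
    """List listeners the plan would cut off.

    permit_only maps 'TCP'/'UDP' to the set of ports entered under
    Permit Only; a missing key or None means Permit All for that type.
    """
    blocked = []
    for proto, port in sorted(listeners(netstat_text)):
        allowed = permit_only.get(proto)
        if allowed is not None and port not in allowed:
            blocked.append((proto, port))
    return blocked

# The article's example: Permit Only for every type, TCP port 80 added.
PLAN = {"TCP": {80}, "UDP": set()}

if __name__ == "__main__":
    for proto, port in blocked_by_plan(SAMPLE_NETSTAT, PLAN):
        print(f"{proto} {port} is listening but not in the Permit Only list")
```

Each reported port is a service to either add to the list deliberately or accept losing; the check covers only ports that have a listener at the time `netstat` was run.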

Miss a column?

Check out the Windows 2000 Server archive, and catch up on the most recent editions of Jim Boyce’s column.