Select TCP from the Protocol drop-down list. Two new text boxes called Source port and Destination port appear. In the Destination port text box, enter 6699, which is the default port that Napster uses. Leave the other settings as they are, then click OK. These steps tell Win2K to block any inbound connection that arrives on the external Internet connection and is destined for port 6699, whatever its source or destination network. Another good port to block is the nefarious NetBIOS port 139. Blocking port 139 helps prevent a large number of exploits against NetBIOS on this port.
You can use IP filters on many ports. For example, if you know the IP address range of a particular service, such as @Home, from which you experience a lot of intrusion attempts, consider entering that service's network address information. For more information about configuring inbound ports for various network services (e.g., SMTP and NNTP, the Network News Transfer Protocol), see the Microsoft article "How to Configure Input Filters for Services That Run Behind Network Address Translation" (http://support.microsoft.com/support/kb/articles/q254/0/18.asp).
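To check what a filter list like the one above actually covers before relying on it, the following added example (not code from the article or from Microsoft) models the input filters in Python and runs constructed packets through them. The class and field names, the drop-on-match behavior, and the 198.51.100.0/24 range standing in for a troublesome service's network are assumptions of the example.

```python
import ipaddress
from dataclasses import dataclass

ANY_NET = ipaddress.ip_network("0.0.0.0/0")  # "any network" in the filter dialog

@dataclass(frozen=True)
class InputFilter:
    """One row of an input filter list (names are this example's own)."""
    protocol: str = "any"                      # "tcp", "udp" or "any"
    dst_port: int = 0                          # 0 means any destination port
    src_net: ipaddress.IPv4Network = ANY_NET
    dst_net: ipaddress.IPv4Network = ANY_NET

    def matches(self, pkt):
        return (self.protocol in ("any", pkt["proto"])
                and self.dst_port in (0, pkt["dport"])
                and ipaddress.ip_address(pkt["src"]) in self.src_net
                and ipaddress.ip_address(pkt["dst"]) in self.dst_net)

def verdict(filters, pkt):
    """Assumed action: drop packets matching any filter, forward the rest."""
    return "drop" if any(f.matches(pkt) for f in filters) else "forward"

# Filters from the text: TCP 6699 and TCP 139, any network to any network,
# plus one source-range filter (constructed placeholder range).
FILTERS = [
    InputFilter(protocol="tcp", dst_port=6699),
    InputFilter(protocol="tcp", dst_port=139),
    InputFilter(src_net=ipaddress.ip_network("198.51.100.0/24")),
]

# Constructed packets arriving on the external interface (192.0.2.1).
PACKETS = [
    {"proto": "tcp", "src": "203.0.113.9", "dst": "192.0.2.1", "dport": 6699},
    {"proto": "tcp", "src": "203.0.113.9", "dst": "192.0.2.1", "dport": 139},
    # NetBIOS name service uses UDP 137, which the TCP 139 filter does not cover.
    {"proto": "udp", "src": "203.0.113.9", "dst": "192.0.2.1", "dport": 137},
    {"proto": "tcp", "src": "203.0.113.9", "dst": "192.0.2.1", "dport": 25},
    {"proto": "tcp", "src": "198.51.100.20", "dst": "192.0.2.1", "dport": 25},
]

def evaluate(packets=PACKETS, filters=FILTERS):
    return [verdict(filters, p) for p in packets]

if __name__ == "__main__":
    for pkt, result in zip(PACKETS, evaluate()):
        print(f'{pkt["proto"]:3} {pkt["src"]:>15} -> port {pkt["dport"]:<5} {result}')
```

The third packet is forwarded: a filter on TCP port 139 alone leaves the other NetBIOS ports (UDP 137 and 138) reachable, so they need filters of their own if the goal is to keep NetBIOS off the external connection.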
Here's another tip: If you don't already have a full DHCP service running on your NAT server, you can configure NAT to provide DHCP services by selecting that option after NAT installation. To find this option, right-click your NAT server in the RRAS console, then select Properties. In the NAT Properties dialog box, click the Address Assignment tab, then select the Automatically assign IP addresses by using DHCP check box. NAT will automatically assign the appropriate addresses for your clients. However, depending on the complexity of your network, you might want to use Win2K DHCP services to configure your own DHCP scope.
Beyond being an effective way to connect small to midsized networks to the Internet, NAT can also provide security through a basic firewall design. This method is commonly referred to as "security through obscurity" because the Internet sees only the one valid Internet IP address, not the 30 or 40 invalid IP addresses on the inside. Of course, this obscurity doesn't mean that any systems behind a NAT implementation are automatically safe from a truly determined intruder, but obscuring your systems with NAT can make things quite a bit harder for such an intruder.
Putting NAT to Work in Your Environment
Take some time to set up and configure a NAT implementation on your network or on a test network to learn the ins and outs of this service. Many different applications are available for NAT in small and larger companies as well as in home networks.