Re: What tool? Fastest way to generate port info to build acl protection?

[Jason Haar <Jason.Haar () trimble co nz>]

Turnquist,Wayne wrote:
> 1st Goal: To map-document all systems and business traffic that needs to cross to/from our site.
> 2nd Goal: Create cisco acl to install on our router to permit for now all needed ports for goal number 1 and deny 
> everything else
>   
Your 2nd goal will be IMPOSSIBLE without more work than just mapping it.

Windows relies heavily on RPC - which involves *dynamically* allocating
port numbers.  So does Exchange, so does....

There aren't static ports that you could base firewall ACLs on

However, regedit is your friend. Read all appropriate Microsoft
whitepapers and you may be able to hardwire Active Directory and
Exchange and whatever else to use static ports, and then away you go.

However, I think you are trying pushing the proverbial up hill there... ;-)

For internal Windows networks its usually best to focus on defining
categories of machines (e.g. HR, finance) and ACL them off - leaving the
rest of the network open.

Just my opinion - based on a lot of experience (i.e I've tried to do it too)

-- 

Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1



-------------------------------------------------------
This SF.Net email is sponsored by the JBoss Inc.  Get Certified Today
Register for a JBoss Training Course.  Free Certification Exam
for All Training Attendees Through End of 2005. For more info visit:
http://ads.osdn.com/?ad_id=7628&alloc_id=16845&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users