WINDOWS 2000 SERVER

CONFIGURE TCP/IP FILTERS

Firewalls are standard for every network, but they don't solve all problems. While they do a great job of protecting a network of computers, they do very little for each individual server. This is where a helpful, yet rarely used, Windows 2000 feature can help you. TCP/IP filtering lets you configure special IP filters that determine the type of network traffic that reaches your computer.

You can specify which TCP or UDP ports and IP protocols to allow or not allow into your server. While this is no substitute for a real firewall, it will make your network a little more secure.

To configure IP filters, follow these steps:

1. Open the Network And Dial-Up Connections folder, and right-click the network interface that you want to configure IP filters for.

2. Click Properties, and click Advanced.

3. On the Options tab, select TCP/IP Filtering in the Optional Settings list.

4. Click Properties, and select the Enable TCP/IP Filtering check box.

5. For each filter type (TCP, UDP, IP), you can permit all and deny only specified, or deny everything except the specified. (For instance, if you want to allow only TCP Port 80 to your computer, click Permit Only for all three filter types, and click Add for TCP Ports and specify port 80.)

6. When you're finished, click OK to close the dialog box.

Make sure you properly plan for TCP/IP filtering. Disabling everything except ports you explicitly define creates stronger security because you know exactly what's open. However, when configuring IP filters, you must be very familiar with your network, or some applications might stop working.