?
Solved

IPSEC Firewall windows 2000

Posted on 2004-08-21
2
Medium Priority
?
369 Views
Last Modified: 2013-12-04
I created an ipsec firewall on windows 2000.  Is there a way for me to export that so I can put it on multiple machines?

Thanks!

Randy
0
Comment
Question by:rjohnsonjr
2 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 2000 total points
ID: 11860763
Yes... but a word of caution... the IPSEC firewall is eaily by-passed if you bind your source port to port 88 or 500
This is by design... and not a flaw (recently M$ has intorduced ways that prevent this now, sp4 and sp2 for XP)
http://support.microsoft.com/default.aspx?scid=811832 
So someone with  port scanner like Nmap can scan your box by using the following
nmap -sS -g 88 -P0 ip.ip.ip.ip -vv
They would see all the ports that were open, can could use any number of ways to bind their src port to 88,500,46 and get past the firewall.

To export your IPSEC rules, open Secpol.msc (go to the Run line, them type  "secpol.msc" press eter)
-->Highlight<-- "IP Security Policies for Local..." and then go to Action, and you'll see Export List, this will open a window for you to save the list (all policies) and you can specify how they will be saved, Tab Delimited, or Comma... if you want to save just one or two of the rules, you'll have to delete the ones you don't want... I export all, then delete what I do not want- that way there is a backup of the defaults, and the others.
-rich
0
 
LVL 6

Author Comment

by:rjohnsonjr
ID: 11885187
Thanks for your help!  I will definately following with that article :-)


-Randy
0

Featured Post

What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
this video summaries big data hadoop online training demo (http://onlineitguru.com/big-data-hadoop-online-training-placement.html) , and covers basics in big data hadoop .
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?
Suggested Courses

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question