[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


which services or ports need to be opened to allow NT authentication

Posted on 2004-11-12
Medium Priority
Last Modified: 2010-04-09
I'm setting up a CheckPoint firewall (NG version) and have created a rule to allow incoming traffic to a SQL Server.
I've created, and authorized  a User Defined Service to match the SQL Server used query port.
The connection to the SQL Server works fine but I'd like to allow trusted connections (accepted by my SQL Server).
I'm wondering what are the ports or inbound CheckPoint services to authorize so that trusted connection work.
I've successfuly tested trusted connections (authorized ANY to test).
The server that will trust the connection is NT4 not W2K and should not use Kerberos auth (as far as I know).
Question by:fho

Accepted Solution

Julian_C earned 500 total points
ID: 12565528
If it's not AD realted then you should be able to do this with 139 but I've read some stuff around 137 and 138 too. I suggest that you open these all up on TCP and UDP and monitor the traffic you get when you get a trusted connection. Then shut down the others.


Opening up 139 on an NT/2000 box (without configuring it specially) will enable anonymous (unauthenticated) clients  to scan you machine for shares and user/group names etc. It really should be avoided if at all possibel. Even if you turn off anonymous access with the group policy (or straight registry changes) then they'll still be able to attept to brute force access to the c$ share. If you really must do this then rename all the built in accounts (Administrator etc) so that brute forcing requires guessing the username as well as the password.


Author Comment

ID: 12566887
Thanks, I'll do a test.
I was wondering if they wasn't a kind of CheckPoint built in service that would be more secure, but it seems that it only exists for W2K (ie Kerberos).

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses
Course of the Month19 days, 9 hours left to enroll

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question