Windows Server 2003 Recommended Baseline Security
Unclassified ITSG for Windows Server 2003
netsh ipsec static add filterlist name="Domain Member" description="<strong>Server</strong> Hardening"<br />
netsh ipsec static add filterlist name="Monitoring" description="<strong>Server</strong> Hardening"<br />
netsh ipsec static add filterlist name="Block Domain Access" description="<strong>Server</strong><br />
Hardening"<br />
netsh ipsec static add filterlist name="ALL Inbound Traffic" description="<strong>Server</strong><br />
Hardening"<br />
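:IPSec Filter Action Definitions
REM Define the two filter actions used by this hardening policy. A filter action
REM has no effect until a policy rule pairs it with a filter list.
REM SecPermit lets matching traffic pass without negotiating IPSec security.
netsh ipsec static add filteraction name=SecPermit description="Allows Traffic to Pass" action=permit
REM Block drops matching traffic.
netsh ipsec static add filteraction name=Block description="Blocks Traffic" action=block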
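:IPSec Filter Definitions
REM Each "add filter" command appends one traffic selector to a filter list.
REM The filters decide nothing by themselves: a policy rule must bind each list
REM to a filter action (SecPermit or Block) before any traffic is affected.
REM Each command is written on a single line so it runs as one statement.
REM
REM NOTE(review): no filter sets mirrored=. netsh documents mirrored=yes as the
REM default, so each selector is expected to match the reverse direction too.
REM Confirm this is intended, in particular for "ALL Inbound Traffic", which
REM would then also cover outbound traffic once it is bound to a block action.

REM CIFS/SMB: direct-hosted SMB on port 445, from any source to this host.
netsh ipsec static add filter filterlist="CIFS/SMB Server" srcaddr=any dstaddr=me description="CIFS/SMB Server Traffic" protocol=TCP srcport=0 dstport=445
netsh ipsec static add filter filterlist="CIFS/SMB Server" srcaddr=any dstaddr=me description="CIFS/SMB Server Traffic" protocol=UDP srcport=0 dstport=445

REM NetBIOS: ports 137 (TCP and UDP), 138 (UDP) and 139 (TCP) to this host.
netsh ipsec static add filter filterlist="NetBIOS Server" srcaddr=any dstaddr=me description="NetBIOS Server Traffic" protocol=TCP srcport=0 dstport=137
netsh ipsec static add filter filterlist="NetBIOS Server" srcaddr=any dstaddr=me description="NetBIOS Server Traffic" protocol=UDP srcport=0 dstport=137
netsh ipsec static add filter filterlist="NetBIOS Server" srcaddr=any dstaddr=me description="NetBIOS Server Traffic" protocol=UDP srcport=0 dstport=138
netsh ipsec static add filter filterlist="NetBIOS Server" srcaddr=any dstaddr=me description="NetBIOS Server Traffic" protocol=TCP srcport=0 dstport=139

REM Terminal Services: TCP 3389 from any source to this host.
netsh ipsec static add filter filterlist="Terminal Server" srcaddr=any dstaddr=me description="Terminal Server Traffic" protocol=TCP srcport=0 dstport=3389

REM Outbound selector: this host to any destination on TCP 1097.
REM NOTE(review): this is the only filter written with srcport=any; every other
REM filter uses srcport=0. Confirm netsh accepts the value and align it if not.
REM The listing does not say which service TCP 1097 carries; verify the port
REM before relying on this filter to block domain access.
netsh ipsec static add filter filterlist="Block Domain Access" srcaddr=me dstaddr=any description="Block Domain Access" protocol=TCP srcport=any dstport=1097

REM Catch-all selector: every protocol and port from any source to this host.
netsh ipsec static add filter filterlist="ALL Inbound Traffic" srcaddr=any dstaddr=me description="ALL Inbound Traffic" protocol=any srcport=0 dstport=0

REM NOTE: IP addresses or server names of the Domain Controllers must be
REM hard-coded into the dstaddr of the Domain Member filters defined below.
REM 192.168.0.1 is the sample address from the listing; replace it with the
REM real Domain Controller address before applying the policy. The filter
REM matches every protocol and port to that address, so a wrong or stale
REM address leaves a broad selector pointing at the wrong host.
netsh ipsec static add filter filterlist="Domain Member" srcaddr=me dstaddr=192.168.0.1 description="Traffic to Domain Controller" protocol=any srcport=0 dstport=0
REM Template for an additional Domain Controller. The dstaddr value is blank in
REM the source listing; REPLACE_WITH_DC_ADDRESS is a placeholder to fill in
REM before removing the REM prefix.
REM netsh ipsec static add filter filterlist="Domain Member" srcaddr=me dstaddr=REPLACE_WITH_DC_ADDRESS description="Traffic to Domain Controller" protocol=any srcport=0 dstport=0

REM NOTE: The IP address or server name of the Monitoring server must be
REM hard-coded into the dstaddr of the Monitoring filter defined below. The
REM dstaddr value is blank in the source listing;
REM REPLACE_WITH_MONITORING_ADDRESS is a placeholder to fill in before removing
REM the REM prefix.
REM netsh ipsec static add filter filterlist="Monitoring" srcaddr=me dstaddr=REPLACE_WITH_MONITORING_ADDRESS description="Monitoring Traffic" protocol=any srcport=0 dstport=0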
120 March 2004 Role Based Server Policies