Windows Server 2003 Recommended Baseline Security
Windows Server 2003 Recommended Baseline Security (ITSG-20)
5.4.4 Workgroup File Server IPSec Policy
The following file has been modified from the one supplied as part of the Microsoft Windows Server 2003 Security Guideline. The procedure outlined in 5.1 Role Based IPSec Policies is used to apply the policy.
REM (c) Microsoft Corporation 1997-2003
REM Packet Filters for Server Hardening
REM
REM Name: PacketFilter-File.CMD
REM Version: 1.0
REM This CMD file provides the proper NETSH syntax for creating an IPSec Policy
REM that blocks all network traffic to a File Server except for what is
REM explicitly allowed as described in the Windows 2003 Server Solution Guide.
REM Please read the entire guide before using this CMD file.
REM Revision History
REM 0000 - Original February 05, 2003
REM 0000 - Original April 03, 2003
:IPSec Policy Definition
netsh ipsec static add policy name="Packet Filters - File" description="Server Hardening Policy" assign=no
:IPSec Filter List Definitions
netsh ipsec static add filterlist name="CIFS/SMB Server" description="Server Hardening"
netsh ipsec static add filterlist name="NetBIOS Server" description="Server Hardening"
netsh ipsec static add filterlist name="Terminal Server" description="Server Hardening"
netsh ipsec static add filterlist name="ALL Inbound Traffic" description="Server Hardening"
:IPSec Filter Action Definitions
netsh ipsec static add filteraction name=SecPermit description="Allows Traffic to Pass" action=permit
Role Based Server Policies March 2004 125
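One way to sanity-check a script of this kind before it is applied through the 5.1 procedure, as an added Python example that is not part of ITSG-20 or the Microsoft script: it parses `netsh ipsec static add` lines and reports a policy not created with assign=no, filter lists left empty, rules that reference undefined objects, and a missing catch-all block rule. The sample's filter, Block action and rule lines are constructed for illustration, and treating an omitted protocol or dstport as "any" is an assumption.

```python
import shlex
# Constructed sample: the filter, Block and rule lines are assumptions, not the guide's text.
SAMPLE = '''
REM constructed sample in the style of PacketFilter-File.CMD
netsh ipsec static add policy name="Packet Filters - File" assign=no
netsh ipsec static add filterlist name="CIFS/SMB Server"
netsh ipsec static add filterlist name="Terminal Server"
netsh ipsec static add filterlist name="ALL Inbound Traffic"
netsh ipsec static add filteraction name=SecPermit action=permit
netsh ipsec static add filteraction name=Block action=block
netsh ipsec static add filter filterlist="CIFS/SMB Server" srcaddr=any dstaddr=me protocol=TCP srcport=0 dstport=445
netsh ipsec static add filter filterlist="ALL Inbound Traffic" srcaddr=any dstaddr=me
netsh ipsec static add rule name="CIFS/SMB Rule" policy="Packet Filters - File" filterlist="CIFS/SMB Server" kerberos=yes filteraction=SecPermit
netsh ipsec static add rule name="ALL Inbound Rule" policy="Packet Filters - File" filterlist="ALL Inbound Traffic" kerberos=yes filteraction=Block
'''

def parse(script):
    """Return [(object_kind, {param: value})] for each 'netsh ipsec static add' line."""
    cmds = []
    for line in script.splitlines():
        if not line.strip().lower().startswith("netsh ipsec static add "):
            continue  # skip REM comments, :labels and blank lines
        tok = shlex.split(line)  # name="a b" stays one token: 'name=a b'
        args = dict(t.split("=", 1) for t in tok[5:] if "=" in t)
        cmds.append((tok[4].lower(), {k.lower(): v for k, v in args.items()}))
    return cmds

def audit(script):
    """Return a list of findings; empty means the block-unless-allowed structure holds."""
    cmds = parse(script)
    of = lambda kind: [a for k, a in cmds if k == kind]
    lists = {a.get("name", "?") for a in of("filterlist")}
    actions = {a.get("name", "?"): a.get("action", "").lower() for a in of("filteraction")}
    filled = {a.get("filterlist", "?") for a in of("filter")}
    # Catch-all filter: any source to this host; omitted protocol/port treated as any (assumption).
    catch_all = {a.get("filterlist") for a in of("filter")
                 if a.get("srcaddr", "").lower() == "any" and a.get("dstaddr", "").lower() == "me"
                 and a.get("protocol", "any").lower() == "any" and a.get("dstport", "0") == "0"}
    out = [f"policy '{a.get('name')}' is not created with assign=no"
           for a in of("policy") if a.get("assign", "").lower() != "no"]
    out += [f"filter list '{n}' has no filters" for n in sorted(lists - filled)]
    for r in of("rule"):
        for key, known in (("filterlist", lists | filled), ("filteraction", set(actions))):
            if r.get(key) not in known:
                out.append(f"rule '{r.get('name')}' uses undefined {key} '{r.get(key)}'")
    if not any(actions.get(r.get("filteraction")) == "block" and r.get("filterlist") in catch_all
               for r in of("rule")):
        out.append("no rule blocks a catch-all inbound filter list")
    return out
```

Calling audit(SAMPLE) reports the "Terminal Server" list, which the sample deliberately leaves without filters.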