Windows Server 2003 Recommended Baseline Security
Windows Server 2003 Recommended Baseline Security
Windows Server 2003 Recommended Baseline Security
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Unclassified ITSG for <strong>Windows</strong> <strong>Server</strong> <strong>2003</strong><br />
REM Revision History<br />
REM 0000 - Original February 05, <strong>2003</strong><br />
REM 0000 - Original April 03, <strong>2003</strong><br />
:IPSec Policy Definition<br />
netsh ipsec static add policy name="Packet Filters - Print" description="<strong>Server</strong><br />
Hardening Policy" assign=no<br />
:IPSec Filter List Definitions<br />
netsh ipsec static add filterlist name="CIFS/SMB <strong>Server</strong>" description="<strong>Server</strong><br />
Hardening"<br />
netsh ipsec static add filterlist name="NetBIOS <strong>Server</strong>" description="<strong>Server</strong> Hardening"<br />
netsh ipsec static add filterlist name="Terminal <strong>Server</strong>" description="<strong>Server</strong><br />
Hardening"<br />
netsh ipsec static add filterlist name="ALL Inbound Traffic" description="<strong>Server</strong><br />
Hardening"<br />
:IPSec Filter Action Definitions<br />
netsh ipsec static add filteraction name=SecPermit description="Allows Traffic to<br />
Pass" action=permit<br />
netsh ipsec static add filteraction name=Block description="Blocks Traffic"<br />
action=block<br />
:IPSec Filter Definitions<br />
netsh ipsec static add filter filterlist="CIFS/SMB <strong>Server</strong>" srcaddr=any dstaddr=me<br />
description="CIFS/SMB <strong>Server</strong> Traffic" protocol=TCP srcport=0 dstport=445<br />
netsh ipsec static add filter filterlist="CIFS/SMB <strong>Server</strong>" srcaddr=any dstaddr=me<br />
description="CIFS/SMB <strong>Server</strong> Traffic" protocol=UDP srcport=0 dstport=445<br />
netsh ipsec static add filter filterlist="NetBIOS <strong>Server</strong>" srcaddr=any dstaddr=me<br />
description="NetBIOS <strong>Server</strong> Traffic" protocol=TCP srcport=0 dstport=137<br />
netsh ipsec static add filter filterlist="NetBIOS <strong>Server</strong>" srcaddr=any dstaddr=me<br />
description="NetBIOS <strong>Server</strong> Traffic" protocol=UDP srcport=0 dstport=137<br />
netsh ipsec static add filter filterlist="NetBIOS <strong>Server</strong>" srcaddr=any dstaddr=me<br />
description="NetBIOS <strong>Server</strong> Traffic" protocol=UDP srcport=0 dstport=138<br />
netsh ipsec static add filter filterlist="NetBIOS <strong>Server</strong>" srcaddr=any dstaddr=me<br />
description="NetBIOS <strong>Server</strong> Traffic" protocol=TCP srcport=0 dstport=139<br />
netsh ipsec static add filter filterlist="Terminal <strong>Server</strong>" srcaddr=any dstaddr=me<br />
description="Terminal <strong>Server</strong> Traffic" protocol=TCP srcport=0 dstport=3389<br />
netsh ipsec static add filter filterlist="ALL Inbound Traffic" srcaddr=any dstaddr=me<br />
description="ALL Inbound Traffic" protocol=any srcport=0 dstport=0<br />
128 March 2004 Role Based <strong>Server</strong> Policies