Detailed explanation on win2008 IP security policy to close ports, prohibit ping, modify port 3389, and open designated ports

This article mainly introduces windows server 2008 IPSecurityThe policy closes the port, prohibits ping, modifies the remote connection 3389 port, and opens the specified port. Friends in need can refer to the following

windows server 2008 IP security policy closes the port:

Solve the problem that the Tomcat service cannot be accessed.

Windows has many ports open by default. When you surf the Internet, network viruses and hackers can connect to your computer through these ports. In order to make your system relatively secure, you should block some uncommon ports, mainly including: TCP 135, 139, 445, 593, 1025 ports and UDP ports 135, 137, 138, 445, and some backdoor ports of popular viruses ( Such as TCP 2745, 3127, 6129 ports), and remote service access port 3389.

Now briefly introduce the steps to close some ports of Windows Server2008:

1. Click Control Panel-Administrative Tools", double-click to open "Local Policy", select "IP Security Policy, on the local computer "Right-click the blank space on the right, a shortcut menu will pop up, select "Create IP Security Policy", and a wizard will pop up. Click Next in the wizard. When the "Secure Communication Request" screen is displayed, click the button to the left of "Activate Default Corresponding Rules" Leave it blank by default, and click "Finish" to create a new IP security policy

2. Right-click the new IP security policy you just created in the "Properties" dialog box. , remove the check mark on the left side of "Use Add Wizard", and then click the "Add" button on the right side to add a new rule. Then the "New Rule Properties" dialog box will pop up. Click the "Add" button on the screen to pop up IP filtering. Filter list window. In the list, first remove the check mark on the left side of "Use Add Wizard", and then click the "Add" button on the right side to add a new filter.

3. Enter "Filter Properties". In the dialog box, the first thing you see is the address search. Select "Any IP Address" for the source address, select "My IP Address" for the destination address, click the "Protocol" tab, and select "Select Protocol Type" from thedrop-down list# Select "TCP" in ##, then enter "135" in the text box under "To this port" and click OK. This will add a filter that blocks the TCP135 port, which can prevent the outside world from connecting to you through port 135.After clicking OK, return to the filter list dialog box, and you can see that a policy has been added. Repeat the above steps to continue adding TCP137 139 445 593 1025 2745 3127 3128 3389 6129 port and udp 135 139 445 port. Create corresponding filters for them. Create the filters for the above ports, and finally click the OK button

checkboxon the left indicates that it has been activated. Finally, click on the "Filter Operations" tab, remove the hook on the left of "Use Add Wizard", and click the "Add"button. , in the "Security Method" tab of "New Filter Action Properties", select "Block", and then click "Apply" "OK"

Modify the remote connection 3389 port:##.#How to modify port 3389 in Windows 2003 (common to windows server 2008)

I am going to host the server today, and I need to modify the server port 3389. I searched online and found it, so I will save it for this purpose

To prevent others from scanning the remote desktop connection port and ensure the security of the server, we can modify port 3389.

There are two steps in total: one is to modify the port settings on the server side; the other is the client connection method. The method is as follows (taking Windows Server 2003 as an example,

systems are for reference only):1. Modify the port settings on the server side (there are 2 places in the registry that need to be modified)

1. The first place:

[H KEY _LOCAL_MACHINE\SYSTEM\ Current Control Set \Control\Terminal Server\Wds\rdpwd\Tds\tcp]

PortNumber value, the default is 3389, select decimal and change it to the port you want (the range is 1024 to 65535, and it cannot conflict), such as 6000, see the figure below:

2. Second place:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]

PortNumber value, the default is 3389, select Decimal, change it to the port you want (ranging from 1024 to 65535, and no conflict), such as 6000, see the picture below:

3. Restart the system to make the settings take effect.

Note: The ports modified twice must be consistent.

In fact, it is also possible to modify only the second part.

In addition, the standard connection form at the second place is: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\ ], where represents a specific RDP-TCP connection (here There should be one or more subkeys similar to RDP-TCP, depending on how many RDP services you have established), and change the PortNumber as well.

2. Client connection method

1. Open the remote desktop connection: under XP/2003, enter "mstsc" in the run).

2. Connection format: IP: modified port, such as 10.10.10.10:6000

win7 (Server 2008 R2) firewall settings open a certain port

Sometimes during the development process, others need to connect to your local computer to access the website. The firewall will block external access. You can open a local port so that others can access it.

1. Find the firewall

2. Click Advanced Settings

3. Click "Enter" "Site Rules" and then click "New Rule":

4. Click "Port"

5. Fill in The port number you want to open, I use 9999 here:

6. Default next step, next step, and finally give your setting a name, whatever you want, I will here To use pass9999point, let the 9999 port pass

7. Click Finish. You can see the rules you set in the list, and then this port can be accessed by the outside world. Instead of turning off all firewalls:

The above is the detailed content of Detailed explanation on win2008 IP security policy to close ports, prohibit ping, modify port 3389, and open designated ports. For more information, please follow other related articles on the PHP Chinese website!