
TCP,UDP and IP Protocol Port Configuration?


giant69
05-26-2001, 10:04 AM
Good morning everybody. I've been reading with great interest threads relating to Internet security. I'm curious if anybody has information or can point me to a source that can help me configure my machine to be "safer"? I'm running Win2K SP2, using Sygate 2.6 (new). I want to modify my TCP/IP filtering on my PPPoE (DSL Connection) and LAN adapter to only permit the Ports necessary for normal Internet activity. I don't do online gaming or use ICQ anymore since AOL bought them. The only other thing I need access to is my company VPN (PPTP) for E-mail and remote Intranet usage. I'm using AVX and AVP for my Anti-Virus solution as well. Any advice or documentation would be greatly appreciated. Thanks....Steve

[This message has been edited by giant69 (edited 05-26-2001).]

M_Six
05-26-2001, 04:38 PM
Well-known Ports
(Commonly Used Ports)
7 (Echo)
21 (FTP)
23 (TELNET)
25 (SMTP)
53 (DNS)
79 (finger)
80 (HTTP)
110 (POP3)
119 (NNTP)
161 (SNMP)
162 (SNMP Trap)

Sorry if these don't line up well. These are ports for incoming stuff. Like if you're running a web or mail server. If you just surf, check e-mail, and use VPN, you only need port 80 and the VPN port (1723) open.

DVNT1
05-26-2001, 07:28 PM
Sounds like you're not hosting any services so you don't have to open any incoming ports. The only one I'm not sure of is the VPN port. You *may* need to allow a port open for that.

Restricting outgoing ports isn't worth the trouble (IMO). You would need to know every port that you use. Port 80 for most WWW but also port 443 for most secure WWW sites, and sometimes port 8080 for websites. Most of the time these lesser known ports are used in the WWW links and you may not even realize it. Port 110 for accessing most pop3 servers for email. Perhaps port 1723 for your VPN (per M_Six's response). Normally port 25 for sending mail out (SMTP), normally port 53 to access the DNS servers. Then throw in the fact anytime something isn't accessible over the Internet it may be because a needed outgoing port is blocked. Again, I don't think it's worth blocking outgoing ports, for home users, for this reason.

DVNT1
05-26-2001, 08:23 PM
Forgot to mention UDP which was in your subject line. I doubt you would need incoming/outgoing UDP at all unless it would be needed for some DNS activity (but seems unlikely to me).
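
Added example (not posted by anyone in the thread): one way to find out "every port that you use" before restricting outgoing TCP traffic is to compare the machine's current connections against the candidate allow-list. It assumes Windows `netstat -an` output, uses a constructed sample with documentation addresses, covers TCP only, and treats a connection as inbound when its local port also has a LISTENING socket (a heuristic).

```python
import re
from collections import Counter

# Outbound TCP allow-list: the destination ports named in the thread.
ALLOWED_TCP = {25, 53, 80, 110, 443, 1723, 8080}

# Constructed sample in Windows `netstat -an` layout (documentation addresses).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       192.168.1.20:1031      ESTABLISHED
  TCP    192.168.1.10:1045      203.0.113.5:80         ESTABLISHED
  TCP    192.168.1.10:1046      203.0.113.5:443        ESTABLISHED
  TCP    192.168.1.10:1047      198.51.100.7:110       TIME_WAIT
  TCP    192.168.1.10:1048      198.51.100.9:1723      ESTABLISHED
  TCP    192.168.1.10:1049      192.0.2.44:119         ESTABLISHED
  TCP    192.168.1.10:1050      192.0.2.80:21          SYN_SENT
  TCP    192.168.1.10:1051      192.0.2.80:21          ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

TCP_LINE = re.compile(r"\s*TCP\s+\S+:(\d+)\s+\S+:(\d+)\s+(\w+)\s*")

def parse_tcp(netstat_text):
    """Return (local_port, remote_port, state) for every TCP line."""
    rows = []
    for line in netstat_text.splitlines():
        m = TCP_LINE.fullmatch(line)
        if m:
            rows.append((int(m.group(1)), int(m.group(2)), m.group(3)))
    return rows

def outbound_ports(netstat_text):
    """Count remote ports of connections this host appears to have opened.

    Heuristic (an assumption): a connection whose local port also has a
    LISTENING socket is treated as inbound and skipped.
    """
    rows = parse_tcp(netstat_text)
    listening = {local for local, _, state in rows if state == "LISTENING"}
    return Counter(remote for local, remote, state in rows
                   if state != "LISTENING" and local not in listening)

def blocked_by_allowlist(netstat_text, allowed=ALLOWED_TCP):
    """Remote ports in use that an outbound allow-list would cut off."""
    used = outbound_ports(netstat_text)
    return sorted((port, n) for port, n in used.items() if port not in allowed)
```

Feeding it `netstat -an` captures taken over several days of normal use gives a fuller picture than a single snapshot.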