Restricting Access to Ports
Internet architects originally envisioned assigning each new protocol or service its own port number so that it could be easily found and used on any computer. They succeeded, but their plan worked too well. Friendly computers in a local network can find the services easily, but so can any computer connected to the Internet, whether it's being used by friend or foe. Paring down the list of ports that can be accessed in your network is an essential security measure.
Windows includes three different mechanisms that can help secure a system by filtering traffic:
Internet Connection Firewall (available only in Windows XP) is an easy-to-configure tool that you can use to block all incoming traffic except for responses to communications initiated by your computer. This prevents hackers from trying to access ports that might have listeners running.
TCP/IP filters can be used to permit or deny traffic based on source address/port/protocol and destination address/port/protocol. This filter mechanism is typically used by a more sophisticated administrator who needs to allow incoming traffic to a listener.
IP Security (IPSec) is similar to TCP/IP filters but it provides the ability to secure traffic through encryption and authentication. IPSec filters are typically used by very sophisticated administrators who want to permit incoming traffic while protecting against hackers and eavesdroppers.
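The difference between the first two mechanisms can be seen in a small conceptual model. This is an added example, not code from the original page and not the Windows implementation; the class and function names, the first-match rule order, the default-deny fallback and the sample addresses are all assumptions made for illustration.

```python
# Conceptual model (added example); not the Windows ICF or TCP/IP filter code.
from collections import namedtuple

# Constructed packet: protocol plus source and destination address/port.
Packet = namedtuple("Packet", "proto src sport dst dport")

class ResponseOnlyFirewall:
    """Blocks inbound traffic except replies to flows this host initiated."""
    def __init__(self):
        self.flows = set()

    def outbound(self, p):
        # Record the flow so its reply can be recognised later.
        self.flows.add(p)

    def inbound_allowed(self, p):
        # A reply is the recorded flow with source and destination swapped.
        return Packet(p.proto, p.dst, p.dport, p.src, p.sport) in self.flows

# Static rule: None in a field matches any value (assumed convention).
Rule = namedtuple("Rule", "action proto src sport dst dport")

def static_filter(rules, p, default="deny"):
    """First matching rule wins; default deny is an assumption of this model."""
    for r in rules:
        if all(want is None or want == got for want, got in zip(r[1:], p)):
            return r.action
    return default

def demo():
    host = "192.0.2.10"  # documentation-range addresses, constructed
    fw = ResponseOnlyFirewall()
    fw.outbound(Packet("tcp", host, 49152, "198.51.100.5", 80))
    reply = Packet("tcp", "198.51.100.5", 80, host, 49152)
    probe = Packet("tcp", "203.0.113.7", 40000, host, 445)
    web = Packet("tcp", "203.0.113.7", 40001, host, 80)
    rules = [Rule("permit", "tcp", None, None, host, 80)]
    return {
        "response_only_reply": fw.inbound_allowed(reply),
        "response_only_probe": fw.inbound_allowed(probe),
        "response_only_web": fw.inbound_allowed(web),
        "filter_web": static_filter(rules, web),
        "filter_probe": static_filter(rules, probe),
    }

if __name__ == "__main__":
    print(demo())
```

The response-only model drops the unsolicited request to port 80 along with the probe, which is why a host that must run a listener needs an explicit permit rule of the kind the static filter provides.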
The following sections discuss each of these mechanisms.