For a MS LAN - There is NO justification for allowing ANY port above 1024 to be open. I know what Microsoft's attitude to port security is and it basically follows "allow everything" so we don't have to explain opening specific ports for games, VoIP, IRC etc. In a totally MS environment where all you want from your PC is business-like applications to use there is NO reason on earth to permit anything above 1024. I have been running a test LAN, small group, with such access limits. There is nothing on the internet I cannot do with ports above 1024 closed. If you need IRC or messenger services like Yahoo in MS, do not open ports 1024-65563. There is no requirement in MS for them to be open. Trust me.. It's my job occupation. Scott :-X

John Andersen wrote:
On Friday 13 April 2007, Darryl Gregorash wrote:
If you have any XP systems in the network you must also enable port 445 on TCP.
The port 1024 reference someone mentioned is in error.
No, it wasn't.
The actual reference was to udp port 1024: which is shorewall shorthand for 1024 and up.
If you are not aware of the use of this in the windows environment you can read up on RPC, DFSR, TrkSvr, and MSDTC services here http://support.microsoft.com/kb/832017
The larger your domain (most especially if you USE a domain at all), the more you need to allow egress on UDP and TCP from the server to the local network.
In a simple home network without a domain you can get by without these.