
RE: Ports between ISA and DC

Subject: RE: Ports between ISA and DC
Date: Fri, 28 Jan 2005 08:32:32 -0500
I haven't placed ISA in a DMZ or sniffed its traffic to find out for
sure, but here are the documented ports. Of course, you want to make sure
that traffic to and from it, for authentication, is to and from DMZ to
LAN only.

53-for DNS, maybe, so clients can find SRV and Global Catalog records
88-for Kerberos authentication
135-for RPC, but make it a complex filter because the endpoint mapper
will open up other ports.
389-for LDAP (i.e. Active Directory)
464-Kerberos
500-for IPSec if you use that
636-for LDAP over SSL (if you use it)
1701-L2TP if you use it
1723-for PPTP if you use it
4500-for IPSec

You could have other issues, when trying to authenticate over the
Internet, such as Kerberos won't work over the Internet and IPSec/L2TP
must use NAT Traversal.

Good luck.

-----Original Message-----
From: sf_mail_sbm@yahoo.com [mailto:sf_mail_sbm@yahoo.com] 
Sent: Thursday, January 27, 2005 3:49 AM
To: security-basics@securityfocus.com
Subject: Ports between ISA and DC



Hi List,

I have the following config


                     
                 ____
INTERNET <------| FW |--------> Domain Controller (in LOCAL LAN)
                   |
                   |
                 -----
                  ISA (in DMZ)

ISA is doing Web Proxy only

Only users in a particular user group can access the web

Trying to find out the ports that ISA needs to talk with the DC for
authentication of users instead of opening all ports on the Firewall

Could not find same from Microsoft site

If someone knows the ports that need to be opened, please share it with
us

Thanks,
Ronish
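
Added example, not part of the thread or written by either poster: a small audit that checks a firewall rule set against the port list in the reply above and flags DC-facing rules that are wider than the ISA-to-DC allowlist. The host addresses, the rule dictionary layout and the `rpc_filter` field are hypothetical, and the sample rules are constructed.

```python
# Ports listed in the reply above. The thread does not state TCP or UDP,
# so this audit matches on port number only.
DOCUMENTED_PORTS = {53, 88, 135, 389, 464, 500, 636, 1701, 1723, 4500}
# Ports the reply marks as conditional ("maybe" / "if you use it").
OPTIONAL_PORTS = {53, 500, 636, 1701, 1723}

# Hypothetical addresses for the ISA server (DMZ) and the DC (LAN).
ISA, DC = "192.0.2.10", "10.0.0.5"


def audit(rules):
    """Return (rule_name, finding) pairs for rules that touch the DC."""
    findings = []
    for r in rules:
        if DC not in (r["src"], r["dst"]):
            continue  # only DC-facing rules are in scope
        peer = r["dst"] if r["src"] == DC else r["src"]
        if peer != ISA:
            findings.append((r["name"], f"peer {peer} is not the ISA host"))
        if r["port"] == "any":
            findings.append((r["name"], "all ports open; narrow to the documented list"))
        elif r["port"] not in DOCUMENTED_PORTS:
            findings.append((r["name"], f"port {r['port']} is not in the documented list"))
        elif r["port"] == 135 and not r.get("rpc_filter"):
            # rpc_filter is a hypothetical flag meaning "RPC-aware filter applied"
            findings.append((r["name"], "135 without an RPC-aware filter; "
                             "the endpoint mapper opens other ports"))
        elif r["port"] in OPTIONAL_PORTS:
            findings.append((r["name"], f"port {r['port']} is conditional; confirm it is in use"))
    return findings


# Constructed sample rule set (not taken from the thread).
SAMPLE_RULES = [
    {"name": "isa-kerberos", "src": ISA, "dst": DC, "port": 88},
    {"name": "isa-ldap", "src": ISA, "dst": DC, "port": 389},
    {"name": "isa-rpc", "src": ISA, "dst": DC, "port": 135},
    {"name": "isa-pptp", "src": ISA, "dst": DC, "port": 1723},
    {"name": "isa-smb", "src": ISA, "dst": DC, "port": 445},
    {"name": "legacy-any", "src": "any", "dst": DC, "port": "any"},
    {"name": "isa-web-out", "src": ISA, "dst": "any", "port": 80},
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_RULES):
        print(f"{name}: {finding}")
```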
