Two ways to disable local ports in Windows Server 2008

  

Windows systems have many ports open by default. By turning off certain ports, you can improve the security of Windows systems to a certain extent, especially for servers.

You can see which ports the system is currently listening on with the command "netstat -an".

On Windows Server 2008, there are two ways to disable a local port:

1. Through Windows Firewall (simple, easy to set up)

2. Through an IP security policy (complex, powerful, does not rely on the firewall)

First, disable the port through Windows Firewall:

1. Click "Control Panel - Windows Firewall" and make sure Windows Firewall is enabled. In the left column, click "Advanced Settings"; the Windows Firewall advanced configuration window opens.

2. Click "Inbound Rules", then click "New Rule…". In the wizard window, select "Port" as the type of rule to create, then click "Next".

3. Next, select the protocol type to disable (TCP or UDP) and enter the port you want to disable under "Specific local ports", for example "80", then click Next. Select "Block the connection" and click Next. On the page that asks when the rule applies, you can leave the settings unchanged and click Next. Enter the name "disable 80 port" and click Finish.

4. The rule is now complete; new rules are enabled by default. If it is not enabled, right-click the rule and choose "Enable Rule".

Second, disable the port through IP security policy:

1. Click "Control Panel - Administrative Tools" and open "Local Security Policy". In the left column, click "IP Security Policies on Local Computer", then right-click in the blank area on the right and select "Create IP Security Policy"; the IP Security Policy Wizard opens.

2. Click Next, enter the name "disable 80 port policy", click Next, leave the settings unchanged, click Next again, and then click Finish.

3. The system opens the "Properties" dialog box. Clear the "Use Add Wizard" check box in the lower-right corner, then click "Add". In the "New Rule Properties" dialog box that opens, click "Add" to open the "IP Filter List" dialog box. Enter the name "disable 80 port", clear the "Use Add Wizard" check box on that page, then click "Add"; the "IP Filter Properties" dialog box opens.

4. In the "Filter Properties" dialog box, set the source address to "Any IP Address" and the destination address to "My IP Address". Next, click the "Protocol" tab, choose "TCP" under "Select a protocol type", select "To this port" and enter "80". Then click the "Description" tab, enter the description "Disable 80", and click "OK".

5. In the "New Rule Properties" dialog box, select "disable 80 port" by clicking the check box to its left, which marks it as active. Then click the "Filter Action" tab, clear the "Use Add Wizard" check box, and click the "Add" button. On the "Security Methods" tab of the "New Filter Action Properties" dialog box, select "Block", then click "OK". Then click the check box to the left of the block action and click "OK".

6. Finally, in the "New IP Security Policy Properties" dialog box, select the check box to the left of "disable 80 port policy" and click OK to close the dialog box. In the "Local Security Policy" window, right-click the newly added IP security policy and select "Assign".
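
Both procedures above can also be scripted with netsh from an elevated command prompt. The following is an added example, not part of the original article; the rule and policy names follow the article, while the filter action name "Block" and the rule name "disable 80 port rule" are assumed names chosen for the example.

```batch
@echo off
rem Added example: netsh equivalents of the two GUI procedures.
rem The article presents the methods as alternatives; run only the section you need.

rem --- Method 1: Windows Firewall, inbound block rule for TCP port 80 ---
netsh advfirewall firewall add rule name="disable 80 port" dir=in action=block protocol=TCP localport=80

rem Confirm that the rule exists and is enabled
netsh advfirewall firewall show rule name="disable 80 port"

rem --- Method 2: IP security policy ---
rem Step 2: create the policy (it is not yet assigned)
netsh ipsec static add policy name="disable 80 port policy"

rem Steps 3-4: filter list with one filter: any source -> this host, TCP, destination port 80
rem (netsh creates the filter mirrored unless mirrored=no is given)
netsh ipsec static add filterlist name="disable 80 port"
netsh ipsec static add filter filterlist="disable 80 port" srcaddr=any dstaddr=me protocol=TCP dstport=80 description="Disable 80"

rem Step 5: create a blocking filter action ("Block" is an assumed name),
rem then a rule that ties the filter list and the action to the policy
netsh ipsec static add filteraction name="Block" action=block
netsh ipsec static add rule name="disable 80 port rule" policy="disable 80 port policy" filterlist="disable 80 port" filteraction="Block"

rem Step 6: assign the policy so that it takes effect
netsh ipsec static set policy name="disable 80 port policy" assign=y

rem Review the resulting policy, rule, filter and action
netsh ipsec static show policy name="disable 80 port policy" level=verbose

rem Both methods drop the traffic but do not stop the service that owns the port,
rem so netstat still reports the port as LISTENING while that service is running.
netstat -an | findstr LISTENING | findstr /c:":80 "
```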
