hpntbast101_12
- 12 -
is used for RPC End Point Mapping, among other things. In addition, you must tell DCOM which ports you
reserved using the following registry key:
HKEY_LOCAL_MACHINES\Software\Microsoft\Rpc\Internet
You probably will have to create this key.
Here is an example of how to restrict DCOM to a range of 10 ports:
Named value: Ports
Type: REG_MULTI_SZ
Setting: Range of port. Can be multiple lines such as: 3001-3010 135.
Named value: PortsInternetAvailable
Type: REG_MULTI_SZ
Setting: "Y"
Named value: UseInternetPorts
Type: REG_MULTI_SZ
Setting: "Y"
Appendix C References
#
Document
Author(s)
Where
1
Thinking About Firewalls V2.0:
Beyond Perimeter Security
Marcus J. Ranum
http://www.clark.net/pub/mjr/pubs/think/index.htm
2
Building Internet Firewalls
D. Brent Chapman
and
Elizabeth D. Zwicky
O'Reilly & Associates
ISBN: 1-56592-124-0
3
Securing Windows NT
Installation
Microsoft
Corporation
http://www.microsoft.com/ntserver/security/exec/over
view/Secure_NTInstall.asp
4
Building a Bastion Host Using
HP-UX 10
Kevin Steves
http://people.hp.se/stevesk/security/bastion.html
Appendix D Acknowledgements
This white paper would not have been published without the help of the following people:
Hans Jonsson (HP Support) for assisting me with practical tests and being supportive in a UNIX-loving
environment.
Kevin Steves (HP Consulting) for writing an excellent paper on making a bastion host of HP-UX [4] and
correcting my confused attempts to write about this subject in English.
Appendix E Files included in this archive
This document is available for free as an Adobe Acrobat PDF. Its available from
http://people.hp.se/stnor