---

---

- 12 - is used for RPC End Point Mapping, among other things. In addition, you must tell DCOM which ports you reserved using the following registry key: HKEY_LOCAL_MACHINES\Software\Microsoft\Rpc\Internet You probably will have to create this key. Here is an example of how to restrict DCOM to a range of 10 ports: Named value: Ports Type: REG_MULTI_SZ Setting: Range of port. Can be multiple lines such as: 3001-3010 135. Named value: PortsInternetAvailable Type: REG_MULTI_SZ Setting: "Y" Named value: UseInternetPorts Type: REG_MULTI_SZ Setting: "Y" Appendix C – References # Document Author(s) Where 1 Thinking About Firewalls V2.0: Beyond Perimeter Security Marcus J. Ranum http://www.clark.net/pub/mjr/pubs/think/index.htm 2 Building Internet Firewalls D. Brent Chapman and Elizabeth D. Zwicky O'Reilly & Associates ISBN: 1-56592-124-0 3 Securing Windows NT Installation Microsoft Corporation http://www.microsoft.com/ntserver/security/exec/over view/Secure_NTInstall.asp 4 Building a Bastion Host Using HP-UX 10 Kevin Steves http://people.hp.se/stevesk/security/bastion.html Appendix D – Acknowledgements This white paper would not have been published without the help of the following people: Hans Jonsson (HP Support) for assisting me with practical tests and being supportive in a UNIX-loving environment. Kevin Steves (HP Consulting) for writing an excellent paper on making a bastion host of HP-UX [4] and correcting my confused attempts to write about this subject in English. Appendix E – Files included in this archive This document is available for free as an Adobe Acrobat PDF. It’s available from http://people.hp.se/stnor