1337 uber guides for Securing a MIR Server
By LeoCrasher
============================================
Twas last night when it came to my attention that many of the current servers are susceptable to attack, therefore I have created this guides for yas which shows you how to secure a server using the tools that are supplied with windows XP Pro and above. Of course if you are running a MIR server, I recommend you use Win2003 Server, but XP Pro will do. Following this guides is good as it requires little knowledge about these things, and can be done using software you ALREADY own.
If anyone has problems following this guide, or has any questions - feel free to send them via email or msn to [email protected], or on my forum at http://leocrasher.myftp.org/oldarchive/forum.
NOTE: Some versions of WinXP home don't seem to include IPSec, and WinServer 2003WEB doesn't seem to include the intergrated firewall. Therefore, you may find this guide of limited use.
Who this is essentially for:
WinXP Pro
WinXP MediaCenter
ALL Win2003 (except web)
Contents:
----------------
1. Setting up and configuring the Internet Connection Firewall
2. Setting up IP blocking using IPSec
3. Quickly adding additional IP's to block using IPSec
[Setting up and configuring the Internet Connection Firewall]
This is by far the easiest task, and goes as follows.
1. First goto your control panel and make sure your in classic view, next open Network Connections. Once inside right-click ur internet connection and select 'Properties'.
2. Look at the tops at the top of the window thats appeared, select 'Advanced'. From here tick the box as shown below.
3. Now click the 'Settings' button near the bottom of the window, you will now be presented with a screen SIMILAR to the one below:
4. Click the 'Add' button, where you will now be presented with this box:
5. Now fill the box with these details;
Description: M2UserCount
IP: 127.0.0.1
EXPort: 3000
INPort: 3000
TCP
6. Now repeat steps 4 and 5 using this information:
Description: M2LoginGate
IP: 127.0.0.1
EXPort: 7000
INPort: 7000
TCP
7. Repeat steps 4 and 5 again using this information:
Description: M2SelChrGate
IP: 127.0.0.1
EXPort: 7100
INPort: 7100
TCP
8. Now for the final time, repeat steps 4 and 5 with this information:
Description: M2GameServer
IP: 127.0.0.1
EXPort: 7200
INPort: 7200
TCP
8a. You should now have something that looks like this;
9. You may wish to allow other ports depending on what you want outsiders to be able to access.
10. Click OK/Apply on any dialogs you may have open. The firewall will take effect as soon as you reconnect to the internet.
[Setting up IPSecurity (the thing that lets you block IP addresses)]
This is a very tedious task, but only needs to be done once .
1. Goto Start -> Run and type 'Secpol.msc' without exclamation marks.
2. You should now be presented with the Local Security Settings console.
3. Right click an empty white area in same area as shown below, and click Create IP Security Policy;
4. You will be prompted to call it something, I have chosen the below.
5. Press NEXT and then UNTICK 'Activate the default response rule'. Then press NEXT again, finally press FINISH (leave 'Edit properties' ticked).
6. You will now be presented with a screen like the below;
7. Make sure that <Dynamic> is UNTICKED, and press 'Add...'
8. Press NEXT.
9. When asked to specify a tunnel, make sure 'This rule does not specify a tunnel' is selected, then press NEXT.
10. Network type: All network connections
11. Press NEXT
12. Selec 'Use a certificate from this certification authority' and press BROWSE.
13. Select the certificate at the top of the list and press OK.
14. You should now have a window that looks like this:
15. Press NEXT
16. You should now have a list of IP filter lists, click 'Add...'
17. You will be presented with the 'IP Filter List' window, it will ask for a name which will be set to 'New IP Filter List', change it to 'MIR Blocked IPs'. For a description, enter something like 'My Mir2 servers blocked IP addresses'.
18. Click 'Add...'
19. When asked for a source address, specify 'A specific IP address', and place an example IP address inside the newly created textbox - as shown below (or the IP of someone you wish to block).
20. Press NEXT, and when prompted for a destination address, just leave it as 'Any IP Address'
21. Protocol type: ANY. Press NEXT
22. Make sure 'Edit Properties' is unticked and press FINISH.
23. You will be back at your IP Filter List window, press OK.
24. You will be back at your Security Rule Wizard window, select the circle box of the filter you just created, then press NEXT - as shown below.
25. Now you will be asked what action you wish to take on the list... we want to complety block them, but this isn't on the list so we'll have to make that too.
26. Press 'Add...', then 'NEXT'
27. Give it a name of BLOCK, and a description of 'BLOCK USERS' and press NEXT.
28. Now you will be given a choice of 3 filter actions, select 'Block' and press NEXT.
29. Make sure 'Edit properties' is unticked and press FINISH.
30. You will be back at your filter action choice, you should see that your new BLOCK option is there. Select its circle as shown below.
31. Press FINISH (leaving edit properties ticked).
32. Press OK to the 'New Rule Properties' window that has appeared.
33. A window very similar to the one below should now be shown, make sure that ur newly created rule is ticked. The press CLOSE.
34. Now assign your rule as shown below:
35. Assignment comes into effect immediatly, and does not require a restart or anything else like that.
[Adding additional IP's to block using IPSec]
Since you have created IP blocking, you can now add new IP's to block quite quickly.
1. First open IPSec as shown in "Setting up IP blocking using IPSec" Step 1.
2. Right click your secuirty policy for blocked IP's, which is likely to be called 'MirServer IP Blocking' and click Properties.
3. Select your Blocked IP filter, which is likely to be called 'MIR Blocked IP's' and press 'Edit...'.
4. Again select the filter list you created earlier, likely to be called 'MIR Blocked IPs' and press 'Edit...'.
4a. The IP filter window will now have appeared, you may wish to remove the TEST IP you added earlier, by selecting it (its in the bottom list), and press REMOVE.
5. Press ADD, then NEXT,
6. When asked for a source address select 'A specific IP Address' and enter the IP of the person you wish to ban inside the box.
7. Press NEXT, and when prompted leave the destination address as 'Any IP Address'.
8. Leave the protocol as 'Any' and press NEXT once more.
9. Leave 'Edit properties' unticked and press FINISH.
10. You will be back at your IP filtered list, press OK
11. You will be back at your Edit Rule list, press Apply, then Close/OK.
12. You will be back at your MirServer IP Blocking Properties window, Apply then Close/OK.
13. To make doubly sure its worked, right click your policy, unassign it, then reassign it again. The updates are instant.
Ty blam for postage
/Leo
By LeoCrasher
============================================
Twas last night when it came to my attention that many of the current servers are susceptable to attack, therefore I have created this guides for yas which shows you how to secure a server using the tools that are supplied with windows XP Pro and above. Of course if you are running a MIR server, I recommend you use Win2003 Server, but XP Pro will do. Following this guides is good as it requires little knowledge about these things, and can be done using software you ALREADY own.
If anyone has problems following this guide, or has any questions - feel free to send them via email or msn to [email protected], or on my forum at http://leocrasher.myftp.org/oldarchive/forum.
NOTE: Some versions of WinXP home don't seem to include IPSec, and WinServer 2003WEB doesn't seem to include the intergrated firewall. Therefore, you may find this guide of limited use.
Who this is essentially for:
WinXP Pro
WinXP MediaCenter
ALL Win2003 (except web)
Contents:
----------------
1. Setting up and configuring the Internet Connection Firewall
2. Setting up IP blocking using IPSec
3. Quickly adding additional IP's to block using IPSec
[Setting up and configuring the Internet Connection Firewall]
This is by far the easiest task, and goes as follows.
1. First goto your control panel and make sure your in classic view, next open Network Connections. Once inside right-click ur internet connection and select 'Properties'.
2. Look at the tops at the top of the window thats appeared, select 'Advanced'. From here tick the box as shown below.
3. Now click the 'Settings' button near the bottom of the window, you will now be presented with a screen SIMILAR to the one below:
4. Click the 'Add' button, where you will now be presented with this box:
5. Now fill the box with these details;
Description: M2UserCount
IP: 127.0.0.1
EXPort: 3000
INPort: 3000
TCP
6. Now repeat steps 4 and 5 using this information:
Description: M2LoginGate
IP: 127.0.0.1
EXPort: 7000
INPort: 7000
TCP
7. Repeat steps 4 and 5 again using this information:
Description: M2SelChrGate
IP: 127.0.0.1
EXPort: 7100
INPort: 7100
TCP
8. Now for the final time, repeat steps 4 and 5 with this information:
Description: M2GameServer
IP: 127.0.0.1
EXPort: 7200
INPort: 7200
TCP
8a. You should now have something that looks like this;
9. You may wish to allow other ports depending on what you want outsiders to be able to access.
10. Click OK/Apply on any dialogs you may have open. The firewall will take effect as soon as you reconnect to the internet.
[Setting up IPSecurity (the thing that lets you block IP addresses)]
This is a very tedious task, but only needs to be done once .
1. Goto Start -> Run and type 'Secpol.msc' without exclamation marks.
2. You should now be presented with the Local Security Settings console.
3. Right click an empty white area in same area as shown below, and click Create IP Security Policy;
4. You will be prompted to call it something, I have chosen the below.
5. Press NEXT and then UNTICK 'Activate the default response rule'. Then press NEXT again, finally press FINISH (leave 'Edit properties' ticked).
6. You will now be presented with a screen like the below;
7. Make sure that <Dynamic> is UNTICKED, and press 'Add...'
8. Press NEXT.
9. When asked to specify a tunnel, make sure 'This rule does not specify a tunnel' is selected, then press NEXT.
10. Network type: All network connections
11. Press NEXT
12. Selec 'Use a certificate from this certification authority' and press BROWSE.
13. Select the certificate at the top of the list and press OK.
14. You should now have a window that looks like this:
15. Press NEXT
16. You should now have a list of IP filter lists, click 'Add...'
17. You will be presented with the 'IP Filter List' window, it will ask for a name which will be set to 'New IP Filter List', change it to 'MIR Blocked IPs'. For a description, enter something like 'My Mir2 servers blocked IP addresses'.
18. Click 'Add...'
19. When asked for a source address, specify 'A specific IP address', and place an example IP address inside the newly created textbox - as shown below (or the IP of someone you wish to block).
20. Press NEXT, and when prompted for a destination address, just leave it as 'Any IP Address'
21. Protocol type: ANY. Press NEXT
22. Make sure 'Edit Properties' is unticked and press FINISH.
23. You will be back at your IP Filter List window, press OK.
24. You will be back at your Security Rule Wizard window, select the circle box of the filter you just created, then press NEXT - as shown below.
25. Now you will be asked what action you wish to take on the list... we want to complety block them, but this isn't on the list so we'll have to make that too.
26. Press 'Add...', then 'NEXT'
27. Give it a name of BLOCK, and a description of 'BLOCK USERS' and press NEXT.
28. Now you will be given a choice of 3 filter actions, select 'Block' and press NEXT.
29. Make sure 'Edit properties' is unticked and press FINISH.
30. You will be back at your filter action choice, you should see that your new BLOCK option is there. Select its circle as shown below.
31. Press FINISH (leaving edit properties ticked).
32. Press OK to the 'New Rule Properties' window that has appeared.
33. A window very similar to the one below should now be shown, make sure that ur newly created rule is ticked. The press CLOSE.
34. Now assign your rule as shown below:
35. Assignment comes into effect immediatly, and does not require a restart or anything else like that.
[Adding additional IP's to block using IPSec]
Since you have created IP blocking, you can now add new IP's to block quite quickly.
1. First open IPSec as shown in "Setting up IP blocking using IPSec" Step 1.
2. Right click your secuirty policy for blocked IP's, which is likely to be called 'MirServer IP Blocking' and click Properties.
3. Select your Blocked IP filter, which is likely to be called 'MIR Blocked IP's' and press 'Edit...'.
4. Again select the filter list you created earlier, likely to be called 'MIR Blocked IPs' and press 'Edit...'.
4a. The IP filter window will now have appeared, you may wish to remove the TEST IP you added earlier, by selecting it (its in the bottom list), and press REMOVE.
5. Press ADD, then NEXT,
6. When asked for a source address select 'A specific IP Address' and enter the IP of the person you wish to ban inside the box.
7. Press NEXT, and when prompted leave the destination address as 'Any IP Address'.
8. Leave the protocol as 'Any' and press NEXT once more.
9. Leave 'Edit properties' unticked and press FINISH.
10. You will be back at your IP filtered list, press OK
11. You will be back at your Edit Rule list, press Apply, then Close/OK.
12. You will be back at your MirServer IP Blocking Properties window, Apply then Close/OK.
13. To make doubly sure its worked, right click your policy, unassign it, then reassign it again. The updates are instant.
Ty blam for postage
/Leo