To obtain began, open Local Security Policy under Administrative Tools in Home windows 2000 Server right-click IPSec Policies on Local Machine, and choose Create IPSec Policy, which starts the IPSec Policy Wizard. Key in a descriptive name (e.g., Block Incoming Connections to file for Discussing), as Figure 1 shows. Click Next four occasions, accepting the defaults, before you begin to see the Rules tab, as Figure 2 shows.
At this time, you essentially possess a blank IPSec policy you have to give a new rule. To show the safety Rule Wizard, click Add, and click on Next around the first 2 pages until you’re able to the safety Rule Wizard page, in which you see Network Type, as Figure 3 shows. You may choose whether this insurance policy pertains to packets in your internal LAN, remote access dial-up connections, or both. If you are only attempting to safeguard this computer when it is attached to the Internet via a modem, you are able to select Remote access. However, if you would like defense against malicious users in your internal LAN too, select All network connections, and click on Next two times (before you begin to see the window using the IP Filter List, as Figure 4 shows).
Next, you have to create an IP filter list that describes the kind of packets that you need to apply this IPSec rule. As you can tell, the 2 existing policies that Figure 4 shows are extremely broad for your requirements, so click Add. Change the the hepa filter list to Incoming file share access, as Figure 5 shows, and click on Add. Come with the Filter Wizard, indicating Any Ip as Source address, My Ip as Destination address, TCP because the Protocol type, and 139 because the “Destination port.” After finishing the IP filter list, you have to edit the brand new filter and obvious the Mirrored check box, as Figure 6 shows. Add more filters for TCP ports 445, 137 and138 (they are UDP ports), 139, and 445 to accomplish a specific item in Figure 5. NetBIOS-based file discussing uses ports 137 and 139, and customary Internet File Discussing (CIFS) uses port 443. (To get rid of Win2K’s reliance on NetBIOS, Win2K defaults to presenting CIFS for file-discussing sessions.) Click Close, as Figure 5 shows, to go back to the IP Filter List, as Figure 4 shows. Choose the new filter list you produced, and click on Next to visit the Filter Action page, as Figure 7 shows.