how to close unwanted ports?

Name: Newbie
Date: November 19, 2002 at 10:27:42 Pacific
OS: win2000
CPU/Ram: 2.5 ghz/512
Comment:

I'm running DSL and have a 765? Cisco router from Qwest.net. How do I shut down some of the ports that I don't really need, like ports 21, 23 and TFTP? Running Win2000 Server. I take it I have to do this from the router, correct?

Thanks in advance.



Response Number 1
Name: D
Date: November 19, 2002 at 10:40:42 Pacific
Reply:

Not necessarily from the router. Your PC could do it just as well. The standard method of closing and opening ports is a firewall, which is good stuff regardless of whether you think you need the protection or not. Load up a freebie (firewall) like Zone Alarm. It will query you for ports and applications that you want and don't want, when those ports/applications present themselves. You can download Zone Alarm from places like www.cnet.com.

D


Response Number 2
Name: Kerry Hormann
Date: November 19, 2002 at 12:18:18 Pacific
Reply:

Access control lists. The 765 has a basic Cisco IOS that supports ACL.

If you've never done it before, then I would definitely read up on it. They can be a little confusing, but really aren't very hard to do. There is a lot of resource material out there on setting ACLs.

I would try doing router hacks before installing software like ZoneAlarm or BlackIce. The software is intrusive, and sometimes buggy.


Response Number 3
Name: D
Date: November 19, 2002 at 14:30:35 Pacific
Reply:

Professionally I disagree, but it is "an" option. The difference is that with ACLs you have to "know" what ports you want to block; with a firewall, it will ask you what ports you want to block. That comes in handy because if you block one port, there is nothing stopping an application from using another port, so unless you know all the ports you want to block you are not doing yourself any good.

In the world of data security, ACLs are considered the lowest level of firewalling. They only inspect, at best, to the port level. With more professional firewalls you get what is called "stateful", and some do what is called "proxy". These are better because they go beyond protection at the port level, and can maintain security up through the application level.

Also, ACLs only "close" ports. It's better to put your ports in "stealth". Stealth means that not only is the port closed, but if scanned your ports will not report their status. Most firewalls can perform this function; ACLs do not.

Also, firewalls such as Zone Alarm are more intuitive to use than learning ACLs. If you don't put the list in proper order, you can block yourself just as easily as block the outside (make sure you pay close attention to your "permit" and "deny" statements), and never know it, unless you know how to do debugging/troubleshooting in the Cisco IOS.

But it is an option.

D


Response Number 4
Name: EC
Date: November 19, 2002 at 16:01:32 Pacific
Reply:

Windows SERVICES can DISABLE TELNET, SMTP, things that you don't USE at all. And also, to close a port, you have to know what program is responsible for OPENING the port.

A great program to try is called ACTIVE PORTS v 1.4, on the web by a search. You can close processes and programs and such from within ACTIVE PORTS. Kind of like a SUPER version of NETSTAT.


Response Number 5
Name: Josh
Date: November 21, 2002 at 21:32:16 Pacific
Reply:

Definitely do not do ACLs, you forget to put "permit any any" at the end and you will be diagnosing crap for a while...Definitely just get a cheap firewall program. But if you REALLY need security, you could always get a PIX...hehe...
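
An added example (not part of any poster's reply) modelling the two ACL pitfalls raised in Responses 3 and 5: rule order and the implicit deny that ends a list. It is a Python model of first-match evaluation, not router syntax; the rule format, names and sample lists are assumptions made for the illustration.

```python
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str            # "permit" or "deny"
    proto: Optional[str]   # "tcp", "udp", or None meaning any protocol
    port: Optional[int]    # destination port, or None meaning any port

def covers(rule, proto, port):
    """True if the rule matches this protocol and destination port."""
    return rule.proto in (None, proto) and rule.port in (None, port)

def evaluate(acl, proto, port):
    """First matching rule wins; index None means the implicit final deny."""
    for i, rule in enumerate(acl):
        if covers(rule, proto, port):
            return rule.action, i
    return "deny", None

def shadowed(acl):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [i for i, r in enumerate(acl)
            if any(covers(e, r.proto, r.port) for e in acl[:i])]

# Constructed sample lists for the ports named in the question:
# FTP (tcp/21), telnet (tcp/23) and TFTP (udp/69).
BLOCKS = [Rule("deny", "tcp", 21), Rule("deny", "tcp", 23), Rule("deny", "udp", 69)]
PERMIT_REST = Rule("permit", None, None)

MISSING_PERMIT = BLOCKS                    # no final permit
CORRECT = BLOCKS + [PERMIT_REST]           # denies first, then permit the rest
WRONG_ORDER = [PERMIT_REST] + BLOCKS       # permit first: denies are dead

if __name__ == "__main__":
    for name, acl in [("missing permit", MISSING_PERMIT),
                      ("correct", CORRECT), ("wrong order", WRONG_ORDER)]:
        print(name, "| web tcp/80:", evaluate(acl, "tcp", 80)[0],
              "| telnet tcp/23:", evaluate(acl, "tcp", 23)[0],
              "| dead rules:", shadowed(acl))
```

Running `shadowed()` over a draft list before applying it shows which deny entries sit behind a broader permit and will never take effect.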



Response Number 6
Name: Sam_Just
Date: November 21, 2002 at 22:07:10 Pacific
Reply:

You see, you really don't have to invest much in firewalls just to close all those ports, although they do provide better security than a simple ACL... But if your only purpose is to close critical but unnecessary ports, you may opt to use the native IP Security of your Win2K Server (under the Local Security snap-in, right-click on IP Security, etc.). However, the limitation is that this only blocks the ports on that server... if you have other servers, you may have to set up the IP Sec on each of the machines. So alternatively (as the other guys said) you may use your router's ACL...

Hope this helps...


