I have the following TCP ports open. Do I need them?

WoundedWallet

Platinum Member
Oct 9, 1999
If not, how do I close them? They are all connected to the Domain I'm running on my W2k webserver.

echo
discard
daytime
qotd
chargen
epmap
https
microsoft-ds
1025
1026
1029
1030
1033
2308
3372

And how about the UDP ones?

Most of the above plus...
1028
1031
3456
1027
isakmp

Just in case anybody is wondering. I also have others open like pop3, smtp, domain... because I run a webserver, and netbios because of my home network.

Thanks,
WW
 

jsm

Banned
Oct 11, 1999
I think the important thing I need to know is what exactly the purpose of the machine is. Is it purely a web server?

I believe NT does let you close all ports and then open the specific ones you want to. I think what is more important is just putting all in the port mappings on your router/gateway instead of on the www server. Of course, this assumes that you have a gateway/router that is separate from your www server.

My personal belief is to have the minimal amount of ports open for the world to see.
 

WoundedWallet

Thanks jsm,

Yes, the machine is purely a web and mail server.

And no, I don't have a router yet. Never used one but assume it works on the same principle as my software firewall, i.e. everything is closed by default until you make a rule to open it.

Also I don't know much about security, but I know if people don't know you're there then the job is half done.

So... how do you close ports in NT or W2k? And which of the ports I have open are necessary for a webserver to live?

WW
 

jsm

It has been some time since I looked over IP on an NT4 box, but let me see what I can remember.

I believe that by default, all ports are open on an NT box. This is not necessarily a bad thing because there has to be a hole or problem with some aspect of NT and then the person who is attacking your machine has to know about it and then they have to be able to exploit these issues. But, let's assume that every cracker in the world is an expert on NT security - so we have to close up everything but the base essentials.

Do this:

Go to your network properties.
Go to Protocols tab.
Look for TCP/IP and view the properties of that.
Click on the advanced button.
Click on Enable Security.
Then click on Configure.

From here, you can define everything you need to on your server. This is not the best solution, but it is functional.

I would recommend only allowing port 80 and maybe port 25 if you are using IIS mail delivery feature. You will obviously need to tailor this to the specifics of your situation, whatever they may be.
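
A way to check the result after filtering ports as described in this thread, as an added example that is not part of any poster's reply: it parses `netstat -an` output and reports listeners outside an allowlist. The sample output is constructed, and the function names and the allowlist of TCP 80 and 25 (taken from the suggestion above) are assumptions.

```python
import re

# Names for the well-known ports in the original question (services file).
KNOWN = {7: "echo", 9: "discard", 13: "daytime", 17: "qotd", 19: "chargen",
         25: "smtp", 80: "http", 135: "epmap", 443: "https",
         445: "microsoft-ds", 500: "isakmp"}

# Constructed sample of `netstat -an` output, not captured from a real host.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:7              0.0.0.0:0              LISTENING
  TCP    0.0.0.0:19             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING
  TCP    192.0.2.10:80          198.51.100.7:3021      ESTABLISHED
  TCP    127.0.0.1:1030         0.0.0.0:0              LISTENING
  UDP    0.0.0.0:500            *:*
"""

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def listeners(netstat_text):
    """Return sorted (proto, addr, port) for sockets accepting traffic."""
    found = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header or blank line
        proto, addr, port, _foreign, state = m.groups()
        # TCP rows count only in LISTENING state; UDP rows have no state.
        if proto == "UDP" or state == "LISTENING":
            found.add((proto, addr, int(port)))
    return sorted(found)

def unexpected(netstat_text, allowed):
    """Listeners reachable from other hosts that are not in `allowed`."""
    report = []
    for proto, addr, port in listeners(netstat_text):
        if addr.startswith("127."):  # loopback-only, not exposed
            continue
        if (proto, port) not in allowed:
            report.append((proto, port, KNOWN.get(port, "unknown")))
    return report

if __name__ == "__main__":
    for proto, port, name in unexpected(SAMPLE, {("TCP", 80), ("TCP", 25)}):
        print(f"{proto}/{port:<5} {name}")
```

Anything the report still lists after the filter is in place is either a service to stop or a rule to tighten.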