kayabusa


I need to block ports in Windows Server 2003 Standard Edition.

I pay for a Windows Server 2003 Standard Edition server at 1&1,
and after reimaging the server, I notice with SuperScan 3.00 (port scanner) that I have a lot of open ports. Here is the list:

* + xxx.xxx.xxx.xxx
      |___     7  Echo
      |___     9  Discard
      |___    13  Daytime
            |___ 10:14:11 PM 12/23/2005.
      |___    17  Quote of the Day
            |___ "The secret of being miserable is to have leisure to bother about whether.. you are happy or not.  The cure for it is occupatio
      |___    19  Character Generator
            |___  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefg..!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTU
      |___    21  File Transfer Protocol [Control]
            |___ 220 Serv-U FTP Server v6.0 for WinSock ready.....
      |___    25  Simple Mail Transfer
            |___ 220 ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8 (1.8.6.0)..
      |___    53  Domain Name Server
      |___    80  World Wide Web HTTP
            |___ HTTP/1.1 400 Bad Request..Content-Length: 39..Content-Type: text/html..Date: Sat, 24 Dec 2005 03:14:13 GMT..Connection: close..
      |___   110  Post Office Protocol - Version 3
            |___ +OK ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8 (1.8.6.0)..
      |___   554  Real Time Stream Control Protocol
      |___  1025  network blackjack
      |___  1653  alphatech-lm
      |___  1654  stargatealerts
      |___  1655  dec-mbadmin
      |___  1755  ms-streaming
      |___  5800  Virtual Network Computing server
      |___  5900  Virtual Network Computing server
            |___ RFB 003.008.
      |___  8080  Standard HTTP Proxy
      |___  8081  WebMail

I only need ports 21, 25, 26, 53, 80, 110, 1433, 3389, 5900, 8080, 8081.

My question is: is my server secure from attackers?

If not, what can I do to secure the server? (Please assume that I'm a novice user.)

Thanks all you guys.
Leandro.
decoleur

I would look at the ports that your computer is listening on and then look at the ports that the outside world thinks are available on your machine.

Copy the application TCPView from Sysinternals onto that machine (http://www.sysinternals.com/Utilities/TcpView.html) and run it to identify what ports your server is listening on.

Then go to an external site and probe your server to evaluate what ports appear to be available to the real world... I would suggest going to https://www.grc.com/ and following the links for ShieldsUp. There is lots of good info there for you.

Some service providers make many ports that aren't actually available on your system appear to be available, so they don't have to add them later as needed.

Just having those ports open or closed is not enough to make your computer secure. You need to maintain the patches for the applications that you are running and the OS that your system is running on, as well as limiting access to only the resources that are necessary, using unique strong passwords for each publicly available service on your machine, etc.

This is a start...

Let us know what you come up with.

-t
Just as an aside comment on the good advice above: Ports are "open" if a service is listening to that port. "Closing" the port is effected by shutting down the service - no service = no answer from the port as you scan it.

If you can't stop or disable a certain service, you need some kind of firewall to block out the incoming requests to this port. The firewall can be software (I wouldn't use that on a server) or hardware (as in e.g a router).

Windows seems to enable a lot of really obscure services. You can probably find some MS FAQ about how to close down your system properly and have only the needed services running.
/RID
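
The check described in the two replies above (list what the server is really listening on, then stop whatever is not needed), as an added example that is not part of the original thread. It assumes the input is the text of `netstat -ano` run on the server; the sample rows, addresses and PIDs are constructed, and the needed-ports list is the one from the question.

```python
# Added example (not from the thread): audit `netstat -ano` output against
# the ports the asker says are needed. SAMPLE is constructed; PIDs are made up.
NEEDED = {21, 25, 26, 53, 80, 110, 1433, 3389, 5900, 8080, 8081}

SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:7              0.0.0.0:0              LISTENING       1540
  TCP    0.0.0.0:19             0.0.0.0:0              LISTENING       1540
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       1820
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5800           0.0.0.0:0              LISTENING       2204
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING       2204
  TCP    127.0.0.1:1031         0.0.0.0:0              LISTENING       988
  TCP    192.0.2.10:80          198.51.100.7:51000     ESTABLISHED     4
  UDP    0.0.0.0:7              *:*                                    1540
"""
LOOPBACK = ("127.", "[::1]")

def parse_listeners(text):
    """Return (proto, address, port, pid) for every listening socket."""
    found = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        # TCP rows carry a State column; UDP rows have none.
        if f[0] == "TCP" and (len(f) != 5 or f[3] != "LISTENING"):
            continue  # established connections are not listeners
        addr, _, port = f[1].rpartition(":")
        if port.isdigit() and f[-1].isdigit():
            found.append((f[0], addr, int(port), int(f[-1])))
    return found

def audit(text, needed=NEEDED):
    """Return (unexpected, local_only, missing) as sorted lists."""
    rows = parse_listeners(text)
    exposed = [r for r in rows if not r[1].startswith(LOOPBACK)]
    unexpected = sorted({(p, proto, pid) for proto, _, p, pid in exposed if p not in needed})
    local_only = sorted({(p, proto, pid) for proto, a, p, pid in rows if a.startswith(LOOPBACK)})
    missing = sorted(needed - {p for _, _, p, _ in exposed})
    return unexpected, local_only, missing

if __name__ == "__main__":
    unexpected, local_only, missing = audit(SAMPLE)
    for port, proto, pid in unexpected:
        print(f"{proto}/{port} not needed: PID {pid} (map to a service with tasklist /svc)")
    for port, proto, pid in local_only:
        print(f"{proto}/{port} loopback only, not reachable from outside (PID {pid})")
    print("needed but nothing listening:", missing)
```

A port in the first list is a candidate for stopping the owning service; a port in the last list means a service the asker expects is not actually running.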
We should start a different way: Please tell us what kind of service you want to provide. There will be main services and aux. services.

Without that knowledge it's hard to give proper advice.

Regarding safe or not: Well, there haven't been very many intrusions on "daytime" and "quote of the day" ports... Though I doubt you want to provide them.
I agree with rid, stopping a service instead of blocking a service is the best solution. Take the comment from decoleur to check Mr. Gibson leaktester and post the details.

Secunia says, ArGoSoft Mail Server Pro has issues: http://secunia.com/product/444/
Serv-U FTP Server 6.x. is safe right now: http://secunia.com/product/5878/

Tolomir





I would suggest you make use of the Internet Firewall that comes with Windows 2003 Server. You may have to visit the Windows Update website to download the patch that will help you run the Internet Firewall. It provides you with a wizard to configure the required settings. For more information, please visit http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Operations/56b0f52e-61c0-4b85-99cb-911ea7b8bafe.mspx

If the Internet Firewall of Windows 2003 Server is not enough, I would suggest you adopt a software-based firewall.

Shaheen
Microsoft offers a free security analyzer that will scan your system and report with detailed security guidance including services running / ports open, missing patches, etc.

"MBSA is an easy-to-use tool designed for the IT professional that helps small and medium businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Improve your security management process by using MBSA to detect common security misconfigurations and missing security updates on your computer systems."

http://www.microsoft.com/technet/security/tools/mbsahome.mspx
If you need a more comprehensive scan, you can pay for a one-shot Nessus scan from a variety of different service providers, like Alertra; see http://www.alertra.com/security-scan.php and take a look at the sample report. It will identify issues and their solutions so you can fix the items brought to light or decide if the effort is worth it, and at $25 to scan 5 IPs it is worth it.

-t
ASKER CERTIFIED SOLUTION
Rich Rumble