Re Open Ports UDP and TCP

I have a D-Link DFL-600 and I have to tighten up our network without going over the top.

We use Internet access, email, HTTPS sites x 2, Skype, Remote Administrator.

What TCP port numbers and especially UDP port numbers should I allow in and out of these firewall boxes? We also use TMIS firewall software as well on all 14 PCs.

I need a fairly specific answer as I will be doing 4 of these in different problem area networks, all with 2000 or 2003 Server.
stevegw62 Asked:

cnewgaard Commented:
Web/HTTP = port 80
Email (SMTP = 25 and POP3 = 110)
HTTPS = 443
Remote administration (I'm assuming MS RDP) = 3389

This is what I found on Skype; it looks like it only cares about outgoing ports:

http://web.skype.com/help_firewalls.html

Hope this helps
shahrial Commented:
What cnewgaard mentioned are the ports that are required to be opened.
As for Skype VoIP, no additional port is required to be opened, as it can tunnel using the existing open ports.
stevegw62 Author Commented:
This is a list of the ports I have opened or that were already open. My main concern is the UDP ports; as you will see below, all of them are open for outbound traffic.
Should it be that way? (I am a little concerned.)

PS: Skype can be configured to whatever I want; I chose 60815, and all seems OK. However, Remote Administrator apparently doesn't work on 9999, which the software is configured to and has worked on prior to the firewall box being installed this morning (I haven't tried it myself yet), unless someone can see below why this might be happening.

TCP SMTP(25) Inbound
IGMP - Outbound
ICMP - Outbound
TCP 1 - 65535 Outbound
TCP HTTP(80) Inbound
UDP 1 - 65535 Outbound
TCP 60815 - 60815 Inbound
TCP 9999 - 9999 Inbound
TCP 2003 - 2003 Inbound
TCP 2002 - 2002 Inbound
TCP 2001 - 2001 Inbound
TCP 2000 - 2000 Inbound
TCP 1 - 1 Inbound
ICMP - Inbound
TCP POP3(110) Inbound
stevegw62 Author Commented:
PS: Don't worry about 2000, 2001, 2002 and 2003; they are their cameras.
Cyber-Dude Commented:
cnewgaard just explained it;

You need to allow 2000/2003 traffic as well?

Cyber
shahrial Commented:
Cyber,
I think stevegw62 is not referring to Microsoft Remote Admin running on RDP.
It might be Remote Administrator = Famatech Radmin remote control software?

BTW, your configuration is not secure....
TCP 1 - 65535 Outbound
UDP 1 - 65535 Outbound

In this case, if any of your internal machines is compromised, data can flow out
of your network without much problem.

You can use Ethereal to scan your network for the port numbers in use, and open only those
necessary, both inbound and outbound.
stevegw62 Author Commented:
shahrial

Now we are getting somewhere; this is my concern. The firewall box defaults to all outgoing UDP and TCP, and this is what I am concerned about. Spyware, if downloaded and installed by one of the users in this group of networks by downloading Kazaa or something similar, would have a field day.
I will try this "Ethereal" and let you know what the outcome is.

And you are correct in saying the program is Remote Administrator, which they have to use for their accountants' access. The port required can be changed at both ends, allowing a common port number between the 2 PCs, with username and password for security. They told me it was port 9999; I still haven't checked it yet, I will be doing it today.
cnewgaard Commented:
Most firewalls come defaulted to letting nothing in and everything out. With spyware, even if you lock down all the ports you don't need, it still has the ability to send to a website (port 80) or email viruses (port 25). There's not much you can do about those types of things, and the writers of this stuff know that. Your best options are to have good anti-virus and anti-spyware measures in place and hopefully get a chance to give the users a little training on safe web surfing habits.

shahrial Commented:
Agreed with cnewgaard's comment:
> Your best options are to have good anti-virus and anti-spyware measures in place and hopefully get a chance to give the users a little training on safe web surfing habits.

Good strategy... defence-in-depth methodology. User awareness and training is just as important... ;-)
Cyber-Dude Commented:
shahrial, thank you for enlightening me;
And I see that most of the case has been covered; if I might add, though:
There are also good process explorers (not the Task Manager) that might be helpful in diagnosis, thus eliminating any possibility of an attack. Those process explorers may provide you with a real-time image of which files are communicating.

Links:
TCPView:
http://www.sysinternals.com/ntw2k/source/tcpview.shtml

Process Explorer:
http://www.sysinternals.com/ntw2k/freeware/procexp.shtml

Hope I helped in some way

Cyber
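As an added example (not code from this thread, from D-Link or from Sysinternals), the Python below does in code what three posts above describe: it parses the rule list the author posted exactly as written, flags the two 1-65535 outbound rules shahrial objected to, classifies a TCPView-style survey (here a constructed `netstat -ano` sample with made-up addresses and PIDs) into inbound and outbound sessions, and builds the narrower outbound allow list shahrial recommended. The 1024-port width threshold, the DNS-only outbound UDP assumption and the planted connection from PID 3388 to port 6667 are this example's assumptions, not facts from the thread.

```python
# Added example for this thread (not code from the page, D-Link or Sysinternals).
# POSTED_RULES is the author's list verbatim; the netstat text, addresses, PIDs,
# the 1024-port width threshold and the assumed outbound UDP ports are constructed.
import re
from collections import defaultdict

POSTED_RULES = """\
TCP SMTP(25) Inbound
IGMP - Outbound
ICMP - Outbound
TCP 1 - 65535 Outbound
TCP HTTP(80) Inbound
UDP 1 - 65535 Outbound
TCP 60815 - 60815 Inbound
TCP 9999 - 9999 Inbound
TCP 2003 - 2003 Inbound
TCP 2002 - 2002 Inbound
TCP 2001 - 2001 Inbound
TCP 2000 - 2000 Inbound
TCP 1 - 1 Inbound
ICMP - Inbound
TCP POP3(110) Inbound
"""

# Constructed sample in Windows `netstat -ano` layout; PID 3388 -> port 6667 is planted.
SAMPLE_NETSTAT = """\
  Proto  Local Address       Foreign Address       State        PID
  TCP    0.0.0.0:9999        0.0.0.0:0             LISTENING    1504
  TCP    192.168.1.2:9999    203.0.113.77:3311     ESTABLISHED  1504
  TCP    192.168.1.2:1029    198.51.100.5:25       ESTABLISHED  1820
  TCP    192.168.1.2:1043    203.0.113.10:80       ESTABLISHED  2960
  TCP    192.168.1.2:1051    203.0.113.200:6667    ESTABLISHED  3388
  UDP    0.0.0.0:60815       *:*                                2212
"""
ASSUMED_OUTBOUND_UDP = {53}  # netstat shows no UDP peers on Windows; assume DNS only

RULE_RE = re.compile(r"^(?P<proto>TCP|UDP|ICMP|IGMP)\s+"
                     r"(?:(?:\w+\()?(?P<lo>\d+)\)?(?:\s*-\s*(?P<hi>\d+))?|-)\s+"
                     r"(?P<dir>Inbound|Outbound)$")

def parse_rules(text):
    """Parse rule lines as the author listed them; ICMP/IGMP rules get lo=hi=None."""
    rules = []
    for line in (ln.strip() for ln in text.splitlines() if ln.strip()):
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised rule: {line!r}")
        lo = int(m["lo"]) if m["lo"] else None
        rules.append({"proto": m["proto"], "lo": lo, "hi": int(m["hi"]) if m["hi"] else lo, "dir": m["dir"]})
    return rules

def format_rule(r):
    return f"{r['proto']} - {r['dir']}" if r["lo"] is None else f"{r['proto']} {r['lo']} - {r['hi']} {r['dir']}"

def overly_broad(rules, max_width=1024):
    """Rules opening more than max_width ports at once: the two 1-65535 outbound ones."""
    return [r for r in rules if r["lo"] is not None and r["hi"] - r["lo"] + 1 > max_width]

def allows(rules, proto, port, direction):
    """True if any rule permits proto/port/direction (port is ignored for ICMP/IGMP)."""
    return any(r["proto"] == proto and r["dir"] == direction
               and (r["lo"] is None or r["lo"] <= port <= r["hi"]) for r in rules)

def parse_netstat(text):
    """Return (outbound {(proto, remote_port): {pids}}, listeners {(proto, port): pid}).
    An ESTABLISHED session on a port this host listens on was accepted, i.e. inbound
    (the Radmin session on 9999); every other established session is outbound."""
    listeners, sessions = {}, []
    for parts in (line.split() for line in text.splitlines()):
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        proto, lport = parts[0], int(parts[1].rsplit(":", 1)[1])
        if proto == "UDP" or parts[3] == "LISTENING":
            listeners[(proto, lport)] = int(parts[-1])  # PID is always the last column
        elif parts[3] == "ESTABLISHED":
            sessions.append((proto, lport, int(parts[2].rsplit(":", 1)[1]), int(parts[-1])))
    outbound = defaultdict(set)
    for proto, lport, rport, pid in sessions:
        if (proto, lport) not in listeners:
            outbound[(proto, rport)].add(pid)
    return outbound, listeners

def merge_ranges(ports):
    """Collapse ports into (lo, hi) runs so 2000..2003 becomes one rule."""
    out = []
    for p in sorted(ports):
        if out and p == out[-1][1] + 1:
            out[-1] = (out[-1][0], p)
        else:
            out.append((p, p))
    return out

def tightened_rules(rule_text, netstat_text, udp_out=ASSUMED_OUTBOUND_UDP, exclude=()):
    """Keep posted inbound and ICMP/IGMP rules; replace 1-65535 outbound with observed ports.
    `exclude` holds (proto, port) pairs rejected on review: a list built from a survey
    otherwise inherits whatever is already talking out, spyware included."""
    rules = parse_rules(rule_text)
    outbound, _ = parse_netstat(netstat_text)
    wanted = defaultdict(set)
    for proto, port in list(outbound) + [("UDP", p) for p in udp_out]:
        if (proto, port) not in exclude:
            wanted[proto].add(port)
    new = [r for r in rules if r["dir"] == "Inbound" or r["lo"] is None]
    for proto in sorted(wanted):
        new += [{"proto": proto, "lo": lo, "hi": hi, "dir": "Outbound"} for lo, hi in merge_ranges(wanted[proto])]
    return new
```

Import it and call `tightened_rules(POSTED_RULES, SAMPLE_NETSTAT, exclude={("TCP", 6667)})`, printing each entry with `format_rule`, to get the posted inbound rules plus one outbound rule per observed port instead of the two any-port rules. Two caveats a practitioner would want: Windows netstat prints no peer address for UDP sockets, so outbound UDP has to come from another source such as the resolver settings or a capture; and a list derived from a survey inherits whatever is already talking out, which is why the planted session from PID 3388 to port 6667 is something to review and exclude, not to allow because it was observed.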
stevegw62 Author Commented:
I wanted to split the points as shahrial contributed too, but I am too slack (busy) to work out how I do that. To all who contributed to the answers, I am extremely grateful.
What I ended up doing was downloading TCPVIEW.exe and thought, how can I lock all of the ports down, and decided that all outgoing will have to stay that way. And I restricted incoming to as above, with the exception of turning off the ping and its reply. They use TMIS 2005 on all of their machines and seem pretty happy with that and now the firewall box. I suppose it's just a matter of staying on top of updates and allowing their existing GPs to slow them down internally.

PS: Remote admin was working, although I forgot to reset their password......... duuuuhhh