Closing ports

Posted on 2005-04-26
Last Modified: 2013-12-04
Hi all!

I am locking down the server I administer and I wanted some advice on what ports to leave open versus those which should be closed. I am basically running some ASP.NET pages that use a combination of Java, C# and HTML. I am also running a SQL database. It also acts as a file share for the rest of my office. Which ports should be left open for these types of applications and which can I close off without changing how any of this runs? I am new to this so if you need more information I would be glad to provide, just let me know what you need (the more specific, the better).


Question by:jamogle
    LVL 25

    Accepted Solution

    Routers and firewalls open/close ports in that they either allow or disallow traffic on specified ports to go "through" them. On the OS level you either have "services" turned on or turned off. If they are turned on then the computer is "listening" on the specified port. For example, if you have the IIS (web server) service turned on then that computer will be listening on port 80 by default. That being said, basically turn off any services that you don't need. For example, don't have the DNS service turned on unless you are going to use this server as a DNS server.

    Also, as mentioned earlier, you open/close ports on your router/firewall. If this machine is open to the public and you are only using it to host webpages, then the ONLY port that you should have open on your firewall/router is port 80 since you don't want anyone from the outside accessing anything else on your server.
    LVL 8

    Assisted Solution


    if you're trying to firewall the server from the internet, then I would recommend ONLY leaving ports open that you absolutely need.
    port 80 for web traffic
    port 25 for FTP
    do you allow telnet?
    do you allow external VPN connections?

    if not, and all you allow in from the internet is web traffic, then port 80 is the only one you need open.
    if you're trying to firewall your server from the LAN and internet, then you are going to run into a lot of problems and will need 2 firewalls instead of just 1.
    your LAN users need more access to the server than would an internet user, this means those ports for SQL... would have to be opened and would be available from the internet too!
    you would have to place a firewall in between the server and the internet, block all ports unused by internet users.
    then place a firewall in between the LAN and your server and block all ports unused by internal clients.

    ideally, you should be able to trust your employees to the point of not having to firewall them. you can always use server logs to track abuse caused by internal users.

    the internet is what you're really worried about. this is where "better to have it and not need it, than need it and not have it" turns into "better to need it and not have it..."

    Author Comment

    Great, guys, thanks for the advice!

    I am upping the points to 150 and splitting them evenly

    Thanks again!
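
Added example, not part of the original thread: a Python script for the audit both answers describe, listing which ports the server is actually listening on and comparing them with the ports its role needs. It parses Windows `netstat -ano` output; the sample output, the PIDs and the `NEEDED` set are constructed for illustration.

```python
import re

# Constructed sample of `netstat -ano` output from a Windows web/SQL/file server.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING       1620
  TCP    127.0.0.1:1434         0.0.0.0:0              LISTENING       1620
  TCP    192.168.1.10:80        203.0.113.7:51812      ESTABLISHED     4
  TCP    [::]:80                [::]:0                 LISTENING       4
  UDP    0.0.0.0:53             *:*                                    2040
"""

LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s+(?:(\w+)\s+)?(\d+)\s*$")
LOOPBACK = ("127.", "[::1]")

def listeners(netstat_text):
    """Return sorted unique (proto, address, port, pid) for sockets accepting traffic."""
    found = set()
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        proto, addr, port, _foreign, state, pid = m.groups()
        # TCP listeners carry the LISTENING state; UDP rows have no state column.
        if (proto == "TCP" and state == "LISTENING") or (proto == "UDP" and state is None):
            found.add((proto, addr, int(port), int(pid)))
    return sorted(found)

def audit(netstat_text, needed):
    """Split non-loopback listeners into expected ones and ones to review."""
    expected, review = [], []
    for proto, addr, port, pid in listeners(netstat_text):
        if addr.startswith(LOOPBACK):
            continue  # reachable only from the server itself
        (expected if (proto, port) in needed else review).append((proto, addr, port, pid))
    return expected, review

# Assumed role for this example: web (80), file share (445), SQL (1433).
NEEDED = {("TCP", 80), ("TCP", 445), ("TCP", 1433)}

if __name__ == "__main__":
    ok, check = audit(SAMPLE_NETSTAT, NEEDED)
    for row in check:
        print("review: %s %s:%d (PID %d)" % row)
```

On the server itself, pass in the real output of `netstat -ano`; each PID flagged for review can be matched to its service with `tasklist /svc` before deciding whether to turn that service off.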
