
Closing ports

Hi all!

I am locking down the server I administer and I wanted some advice on what ports to leave open versus those which should be closed.  I am basically running some ASP.NET pages that use a combination of java, C# and html.  I am also running a SQL database.  It also acts as a file share for the rest of my office.  Which ports should be left open for these types of applications and which can I close off without changing how any of this runs?  I am new to this so if you need more information I would be glad to provide, just let me know what you need (the more specific, the better).


2 Solutions
Routers and firewalls open/close ports in that they either allow or disallow traffic on specified ports to go "through" them.  On the OS level you either have "services" turned on or turned off.  If they are turned on then the computer is "listening" on the specified port.  For example, if you have the IIS (web server) service turned on then that computer will be listening on port 80 by default.  That being said, basically turn off any services that you don't need.  For example, don't have the DNS service turned on unless you are going to use this server as a DNS server.

Also, as mentioned earlier you open/close ports on your router/firewall.  If this machine is open to the public and you are only using it to host webpages, then the ONLY port that you should have open on your firewall/router is port 80 since you don't want anyone from the outside accessing anything else on your server.

if you're trying to firewall the server from the internet, then I would recommend ONLY leaving ports open that you absolutely need.
port 80 for web traffic
port 25 for FTP
do you allow telnet?
do you allow external VPN connections?

if not, and all you allow in from the internet is web traffic, then port 80 is the only one you need open.
if you're trying to firewall your server from the LAN and internet, then you are going to run into a lot of problems and will need 2 firewalls instead of just 1.
your LAN users need more access to the server than would an internet user, this means those ports for SQL... would have to be opened and would be available from the internet too!
you would have to place a firewall in between the server and the internet, block all ports unused by internet users.
then place a firewall in between the LAN and your server and block all ports unused by internal clients.

ideally, you should be able to trust your employees to the point of not having to firewall them. you can always use server logs to track abuse caused by internal users.

the internet is what you're really worried about. this is where "better to have it and not need it, than need it and not have it" turns into "better to need it and not have it..."
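
Both answers come down to the same routine: find what is listening, turn off what is not needed, and expose to each audience only the ports it needs. As an added example (not part of the original answers), this Python script sorts the listeners in a `netstat -ano` capture into those buckets. The sample output and the policy sets (1433 for SQL Server, 445 for file sharing) are assumptions, not values from the thread.

```python
import ipaddress

# Constructed sample of `netstat -ano` output from a Windows server (not from the thread).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING       2288
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1104
  TCP    127.0.0.1:1434         0.0.0.0:0              LISTENING       2288
  TCP    192.168.1.10:53        0.0.0.0:0              LISTENING       1500
  TCP    192.168.1.10:49712     192.168.1.25:445       ESTABLISHED     4
  TCP    [::]:80                [::]:0                 LISTENING       4
"""

# Assumed policy: web from the internet; web, SQL Server and file sharing from the LAN.
INTERNET_ALLOWED = {80}
LAN_ALLOWED = {80, 445, 1433}

def listeners(netstat_text):
    """Yield (address, port, pid) for every TCP socket in LISTENING state."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        host, _, port = fields[1].rpartition(":")  # rpartition copes with [::]:80
        yield ipaddress.ip_address(host.strip("[]")), int(port), int(fields[4])

def audit(netstat_text):
    """Sort reachable listening ports into firewall rules and services to review."""
    report = {"internet": set(), "lan_only": set(), "review": set()}
    for addr, port, _pid in listeners(netstat_text):
        if addr.is_loopback:
            continue                      # not reachable from other machines
        if port in INTERNET_ALLOWED:
            report["internet"].add(port)  # allow on the internet-facing firewall
        elif port in LAN_ALLOWED:
            report["lan_only"].add(port)  # block at the internet-facing firewall
        else:
            report["review"].add(port)    # unneeded service: turn off or justify
    return {bucket: sorted(ports) for bucket, ports in report.items()}

if __name__ == "__main__":
    for bucket, ports in audit(SAMPLE_NETSTAT).items():
        print(f"{bucket:9} {ports}")
```

Ports that land in `review` are the services to turn off or justify; the PID column of the same capture identifies the process that owns each one.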

jamogle (Author) Commented:
Great guys thanks for the advice!

I am upping the points to 150 and splitting them evenly

Thanks again!
