?
Solved

How to close those ports

Posted on 2008-06-09
9
Medium Priority
?
383 Views
Last Modified: 2008-07-08
I have installed SBS 2003 Standard (No Isa Server) and ran the wizard that installs the Firewall. Now I check with grc.com ( Shields up) and I have apparently several ports open (21, 25, 80. 443). How can that be? And how can I close them?

Many thanks
0
Comment
Question by:TheoRichel
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
9 Comments
 
LVL 7

Expert Comment

by:CorruptedLogic
ID: 21745608
Port 21 is FTP, 25 is SMTP (for email), 80 is HTTP and 443 is HTTPS, you need to have these ports open in order to send/receive mail, browse the web etc.
0
 

Author Comment

by:TheoRichel
ID: 21745879
Thanks. So nothing to worry about? In the past when I worked with ISA-server grc-reported that I operated entirely in stealth modus.
0
 
LVL 7

Expert Comment

by:CorruptedLogic
ID: 21745895
What else is running on the server? I'd guess Exchange and IIS?
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 

Author Comment

by:TheoRichel
ID: 21745950
Yes, the standard package.
0
 
LVL 7

Assisted Solution

by:CorruptedLogic
CorruptedLogic earned 600 total points
ID: 21745974
I would say not to worry, just be sure that you have all the standard stuff enabled/disabled on Exchange (relaying etc, which i think is disabled out of the box these days). I'm not overly familiar with the built in SBS firewall ( I always have an appliance firewall like a PIX on my networks), but from the sounds of things, you'll be fine. You could always block port 21 (ftp) as a test and see if the shieldsup test reports anything different.
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 21746001
You should close port 21 (FTP) incoming unless you need to allow incoming FTP traffic.  FTP is very insecure and vulnerable to hacking. Unless you don't have a hardware firewall in place, that would be preferable and more secure than using the Internet connection sharing capabilities of your SBS server.  However, if you don't have a hardware firewall, then you can close the ports you need to close by editing the firewall configuration.
0
 
LVL 38

Accepted Solution

by:
Hypercat (Deb) earned 700 total points
ID: 21746038
Sorry - my bad.  I think you need to edit the TCP/IP settings on the server NIC itself:

http://support.microsoft.com/kb/816792/en-us
0
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 700 total points
ID: 21746788
If you want to close any of those ports run the CEICW (Configure E-mail and Internet Conection Wizard) located under server management | Internet and e-mail | connect to the Internet. Within the wizard there is one window with a series of check boxes for the above services. Only check those you plan to use. Best practices states that FTP and Http should not be allowed on a domain controller (SBS). The common/safe ones used on SBS are
443 for OWA
443 & 4125 RWW
444 Sharepoint
A;ll of these use SSL so are quite secure.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 21954405
Thanks TheoRichel.
Cheers !
--Rob
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This guide is intended for migrating Windows 2003 Standard with Exchange 2003 to Windows Small Business Server 2008. You will need the following: Exchange Best Practice Analyzer: http://www.microsoft.com/downloads/details.aspx?FamilyID=DBAB201F-…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses
Course of the Month10 days, 10 hours left to enroll

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question