Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 387
  • Last Modified:

How to close those ports

I have installed SBS 2003 Standard (No Isa Server) and ran the wizard that installs the Firewall. Now I check with grc.com ( Shields up) and I have apparently several ports open (21, 25, 80. 443). How can that be? And how can I close them?

Many thanks
0
TheoRichel
Asked:
TheoRichel
  • 3
  • 2
  • 2
  • +1
3 Solutions
 
CorruptedLogicCommented:
Port 21 is FTP, 25 is SMTP (for email), 80 is HTTP and 443 is HTTPS, you need to have these ports open in order to send/receive mail, browse the web etc.
0
 
TheoRichelAuthor Commented:
Thanks. So nothing to worry about? In the past when I worked with ISA-server grc-reported that I operated entirely in stealth modus.
0
 
CorruptedLogicCommented:
What else is running on the server? I'd guess Exchange and IIS?
0
NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

 
TheoRichelAuthor Commented:
Yes, the standard package.
0
 
CorruptedLogicCommented:
I would say not to worry, just be sure that you have all the standard stuff enabled/disabled on Exchange (relaying etc, which i think is disabled out of the box these days). I'm not overly familiar with the built in SBS firewall ( I always have an appliance firewall like a PIX on my networks), but from the sounds of things, you'll be fine. You could always block port 21 (ftp) as a test and see if the shieldsup test reports anything different.
0
 
Hypercat (Deb)Commented:
You should close port 21 (FTP) incoming unless you need to allow incoming FTP traffic.  FTP is very insecure and vulnerable to hacking. Unless you don't have a hardware firewall in place, that would be preferable and more secure than using the Internet connection sharing capabilities of your SBS server.  However, if you don't have a hardware firewall, then you can close the ports you need to close by editing the firewall configuration.
0
 
Hypercat (Deb)Commented:
Sorry - my bad.  I think you need to edit the TCP/IP settings on the server NIC itself:

http://support.microsoft.com/kb/816792/en-us
0
 
Rob WilliamsCommented:
If you want to close any of those ports run the CEICW (Configure E-mail and Internet Conection Wizard) located under server management | Internet and e-mail | connect to the Internet. Within the wizard there is one window with a series of check boxes for the above services. Only check those you plan to use. Best practices states that FTP and Http should not be allowed on a domain controller (SBS). The common/safe ones used on SBS are
443 for OWA
443 & 4125 RWW
444 Sharepoint
A;ll of these use SSL so are quite secure.
0
 
Rob WilliamsCommented:
Thanks TheoRichel.
Cheers !
--Rob
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

KuppingerCole Reviews AlgoSec in Executive Report

Leading analyst firm, KuppingerCole reviews AlgoSec's Security Policy Management Solution, and the security challenges faced by companies today in their Executive View report.

  • 3
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now