Solved

Network Security: Adding xbox360 live and opening up ports

Posted on 2011-02-21
Last Modified: 2012-06-27
I have a small home office network in a domain controlled by a Windows 2003 SBS server. It is protected by a Hotbrick LB2 firewall/router. So far, we have not had any real problems. I believe this is due in part to the fact that most ports are turned off. The important ones like port 80 are open. UPnP is turned off.

I bought my son an Xbox 360, and naturally he wants to use Xbox Live. He cannot presently, as the Xbox recognizes that our "NAT" setting is set to "strict." I've researched this problem and MS says that in order to hear conversations and join games, I need to open up certain UPD and UCD? ports.

I can do this several ways: generally opening these ports, or doing port forwarding to the IP of the Xbox unit.

My question is: should I? Are there any risks to opening up these ports just to the IP of the Xbox, or to the whole network generally?

To interested experts, I am also going to post a question about the best settings for the hotbrick LB-2 to provide maximum usability while simultaneously providing maximum security.
Question by:montana4me
4 Comments
 

Accepted Solution

by:
rawinnlnx9 earned 500 total points
ID: 34947797
What you are doing in essence is opening ports and then entrusting the Xbox to enforce security properly. Generally speaking this is a safe bet. You could also isolate the Xbox on its own WAN IP and push it outside of your home network with an optional port (essentially you are putting it on its own local domain that is totally isolated from the other domains). You could also do nothing and just forward the ports. If you do this, see if you can change your subnet mask from /24 (255.255.255.0) to a more restrictive subnet mask. If you lock it down to a single IP then that's all they can get to on that port. This wouldn't hurt. You can also get into funky setups where you route Xbox traffic to another security device and then put the Xbox behind it. All of these are pretty heavy-handed approaches.

If you have the ability to set up an optional port as an isolated LAN then do so.

If not, trust the Xbox to handle attempts to breach its security. Install a good firewall on the server and your other devices on the network (you should anyway) and then apply strict rules to each device.
 

Author Comment

by:montana4me
ID: 34954223
Thanks for your answer. Here is a complete list of what the Xbox requires to be open for it to function as it was designed to:

TCP 80, UDP 88, UDP 3074, TCP 3074, UDP 53, TCP 53

Obviously TCP 80 is open now, but we have done just fine with security. I guess what I am struggling with, because I don't really understand what ports do, is: can an intruder use these ports to compromise our security in a way that they could not use TCP 80?
 

Expert Comment

by:digitap
ID: 35187536
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
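
An added example, not part of the original thread: a small Python model of the two options the asker describes (opening the listed ports toward the whole LAN versus forwarding them to the Xbox's address only), reporting which internal services each option makes reachable from the WAN. The LAN addresses, host names and listening services are constructed assumptions, and a rule aimed at a whole subnet is a simplification of "opening the ports generally".

```python
import ipaddress

# Port list from the author comment in the thread.
XBOX_PORTS = [("tcp", 80), ("udp", 88), ("udp", 3074),
              ("tcp", 3074), ("udp", 53), ("tcp", 53)]

# Constructed inventory (assumption): addresses, names and listeners are samples.
INVENTORY = {
    "192.168.1.2": {"name": "sbs2003",
                    "listening": {("tcp", 80), ("tcp", 53), ("udp", 53),
                                  ("udp", 88), ("tcp", 3389)}},
    "192.168.1.50": {"name": "xbox360",
                     "listening": {("udp", 88), ("udp", 3074), ("tcp", 3074)}},
    "192.168.1.101": {"name": "office-pc", "listening": {("tcp", 445)}},
}

def build_rules(destination):
    """One inbound allow rule per listed port, all aimed at `destination` (CIDR)."""
    net = ipaddress.ip_network(destination)
    return [(proto, port, net) for proto, port in XBOX_PORTS]

def exposed_services(rules, inventory=INVENTORY):
    """Return sorted (host name, proto, port) tuples reachable from the WAN."""
    hits = set()
    for proto, port, net in rules:
        for addr, host in inventory.items():
            if ipaddress.ip_address(addr) in net and (proto, port) in host["listening"]:
                hits.add((host["name"], proto, port))
    return sorted(hits)

def audit(rules, intended, inventory=INVENTORY):
    """Flag rules wider than one host and services exposed on unintended hosts."""
    findings = []
    for proto, port, net in rules:
        if net.num_addresses != 1:
            findings.append(f"{proto}/{port}: destination {net} covers "
                            f"{net.num_addresses} addresses")
    for name, proto, port in exposed_services(rules, inventory):
        if name != intended:
            findings.append(f"{proto}/{port}: reaches {name}, not {intended}")
    return findings

if __name__ == "__main__":
    for label, dest in [("whole LAN", "192.168.1.0/24"),
                        ("Xbox only", "192.168.1.50/32")]:
        rules = build_rules(dest)
        print(label, exposed_services(rules), audit(rules, "xbox360"), sep="\n  ")
```

In this model the single-address forward exposes only the console's own listeners, while the subnet-wide rules also reach the server's DNS, HTTP and UDP 88 services.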