Solved

Network Security: Adding xbox360 live and opening up ports

Posted on 2011-02-21
Last Modified: 2012-06-27
I have a small home office network in a domain controlled by a Windows 2003 SBS server. It is protected by a Hotbrick LB2 firewall/router. So far, we have not had any real problems. I believe this is due in part to the fact that most ports are turned off. The important ones, like port 80, are open. UPnP is turned off.

I bought my son an Xbox 360, and naturally he wants to use Xbox Live. He cannot presently, as the Xbox recognizes that our "NAT" setting is set to "strict." I've researched this problem and MS says that in order to hear conversations and join games, I need to open up certain UDP and UCD? ports.

I can do this several ways: opening these ports generally, or port forwarding to the IP of the Xbox unit.

My question is, should I? Are there any risks to opening up these ports just to the IP of the Xbox, or to the whole network generally?

To interested experts, I am also going to post a question about the best settings for the Hotbrick LB-2 to provide maximum usability while simultaneously providing maximum security.
Question by:montana4me
4 Comments
 
LVL 9

Accepted Solution

by:
rawinnlnx9 earned 500 total points
ID: 34947797
What you are doing, in essence, is opening ports and then entrusting the Xbox to enforce security properly. Generally speaking this is a safe bet. You could also isolate the Xbox on its own WAN IP and push it outside of your home network with an optional port (essentially you are putting it on its own local domain that is totally isolated from the other domains). You could also do nothing and just forward the ports. If you do this, see if you can change your subnet mask from /24 (255.255.255.0) to a more restrictive subnet mask. If you lock it down to a single IP then that's all they can get to on that port. This wouldn't hurt. You can also get into funky setups where you route Xbox traffic to another security device and then put the Xbox behind it. All of these are pretty heavy-handed approaches.

If you have the ability to set up an optional port as an isolated LAN then do so.

If not, trust the Xbox to handle attempts to breach its security. Install a good firewall on the server and your other devices on the network (you should anyway) and then apply strict rules to each device.
0
 

Author Comment

by:montana4me
ID: 34954223
Thanks for your answer. Here is a complete list of what the Xbox requires to be open for it to function as it was designed to:

TCP 80, UDP 88, UDP 3074, TCP 3074, UDP 53, TCP 53

Obviously TCP 80 is open now, but we have done just fine with security. I guess what I am struggling with, because I don't really understand what ports do, is: can an intruder use these ports to compromise our security in a way that they could not use TCP 80?
0
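As an added example (not part of the thread, and not Hotbrick LB-2 configuration syntax): a vendor-neutral check that a port-forward table exposes only the ports listed above, and only to the console's single address rather than the whole LAN. The rule format, rule names and 192.168.1.x addresses are constructed for illustration.

```python
import ipaddress

# Ports copied from the list posted in the comment above.
XBOX_PORTS = {("tcp", 80), ("udp", 88), ("udp", 3074),
              ("tcp", 3074), ("udp", 53), ("tcp", 53)}

def audit_forwards(rules, console_ip):
    """Flag inbound forwards that reach more than the console on its listed ports."""
    console = ipaddress.ip_address(console_ip)
    findings = []
    for rule in rules:
        # "both" is a common router shorthand for TCP and UDP together.
        protos = ("tcp", "udp") if rule["proto"] == "both" else (rule["proto"],)
        first, last = rule["ports"]
        target = ipaddress.ip_network(rule["target"], strict=False)
        if target.num_addresses > 1:
            findings.append((rule["name"], "target is a whole range, not one host"))
        elif target.network_address != console:
            findings.append((rule["name"], "target is a host other than the console"))
        # Port ranges and "both" can silently open more than was intended.
        extra = [(pr, p) for pr in protos for p in range(first, last + 1)
                 if (pr, p) not in XBOX_PORTS]
        if extra:
            findings.append((rule["name"], f"{len(extra)} forwarded port(s) not on the list"))
    return findings

# Constructed sample rule table (hypothetical names and addresses).
CONSOLE_IP = "192.168.1.50"
SAMPLE_RULES = [
    {"name": "xbox-3074", "proto": "both", "ports": (3074, 3074), "target": "192.168.1.50"},
    {"name": "xbox-88", "proto": "both", "ports": (88, 88), "target": "192.168.1.50"},
    {"name": "games-wide", "proto": "udp", "ports": (3000, 3100), "target": "192.168.1.0/24"},
    {"name": "web", "proto": "tcp", "ports": (80, 80), "target": "192.168.1.2"},
]

if __name__ == "__main__":
    for name, finding in audit_forwards(SAMPLE_RULES, CONSOLE_IP):
        print(f"{name}: {finding}")
```
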
 
LVL 33

Expert Comment

by:digitap
ID: 35187536
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0


Question has a verified solution.
