Solved

Network Security: Adding xbox360 live and opening up ports

Posted on 2011-02-21
Last Modified: 2012-06-27
I have a small home office network in a domain controlled by a Windows 2003 SBS server. It is protected by a Hotbrick LB2 firewall/router. So far, we have not had any real problems. I believe this is due in part to the fact that most ports are turned off. The important ones like port 80 are open. UPnP is turned off.

I bought my son an Xbox 360, and naturally he wants to use Xbox Live. He cannot presently, as the Xbox recognizes that our "NAT" setting is set to "strict." I've researched this problem and MS says that in order to hear conversations and join games, I need to open up certain UPD and UCD? ports.

I can do this several ways: generally opening these ports, or port forwarding to the IP of the Xbox unit.

My question is: should I? Are there any risks to opening up these ports just to the IP of the Xbox, or to the whole network generally?

To interested experts, I am also going to post a question about the best settings for the Hotbrick LB-2 to provide maximum usability while simultaneously providing maximum security.
Question by:montana4me

Accepted Solution

by:
rawinnlnx9 earned 500 total points
ID: 34947797
What you are doing, in essence, is opening ports and then entrusting the Xbox to enforce security properly. Generally speaking, this is a safe bet. You could also isolate the Xbox on its own WAN IP and push it outside of your home network with an optional port (essentially, you are putting it on its own local domain that is totally isolated from the other domains). You could also do nothing and just forward the ports. If you do this, see if you can change your subnet mask from /24 (255.255.255.0) to a more restrictive subnet mask. If you lock it down to a single IP, then that's all they can get to on that port. This wouldn't hurt. You can also get into funky setups where you route Xbox traffic to another security device and then put the Xbox behind it. All of these are pretty heavy-handed approaches.

If you have the ability to set up an optional port as an isolated LAN, then do so.

If not, trust the Xbox to handle attempts to breach its security. Install a good firewall on the server and your other devices on the network (you should anyway) and then apply strict rules to each device.

Author Comment

by:montana4me
ID: 34954223
Thanks for your answer. Here is a complete list of what the Xbox requires to be open for it to function as it was designed to:

TCP 80, UDP 88, UDP 3074, TCP 3074, UDP 53, TCP 53

Obviously TCP 80 is open now but we have done just fine with security. I guess what I am struggling with, because I don't really understand what ports do, is: can an intruder use these ports to compromise our security in a way that they could not use TCP 80?
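
The following is an added example, not part of either poster's comments: it audits a list of inbound forwarding rules against the port list above and the single-IP advice in the accepted answer. The rule tuple format, the addresses and the name `audit_forwards` are assumptions; the LB-2's own configuration syntax does not appear on this page.

```python
import ipaddress

# Ports the thread lists as required by the console.
XBOX_PORTS = {("tcp", 80), ("udp", 88), ("udp", 3074),
              ("tcp", 3074), ("udp", 53), ("tcp", 53)}

RANGE = "forwards to a range instead of a single host"
CONFLICT = "same protocol/port already forwarded elsewhere"
UNLISTED = "exposes the console on a port outside the listed set"


def audit_forwards(rules, console_ip):
    """Return sorted (rule_index, problem) pairs for inbound forwards.

    Each rule is (proto, port, destination); destination is an IPv4
    address or CIDR string. Hypothetical format, not LB-2 syntax.
    """
    console = ipaddress.ip_address(console_ip)
    first_dest = {}   # (proto, port) -> destination of the first rule seen
    findings = []
    for idx, (proto, port, dest) in enumerate(rules):
        key = (proto.lower(), int(port))
        net = ipaddress.ip_network(dest, strict=False)
        if net.num_addresses > 1:
            findings.append((idx, RANGE))
        elif net.network_address == console and key not in XBOX_PORTS:
            findings.append((idx, UNLISTED))
        if first_dest.setdefault(key, net) != net:
            findings.append((idx, CONFLICT))
    return sorted(findings)


# Constructed sample rules; all addresses are made up for illustration.
SAMPLE_RULES = [
    ("tcp", 80, "192.168.1.2"),       # existing web forward to the server
    ("udp", 88, "192.168.1.50"),
    ("udp", 3074, "192.168.1.0/24"),  # whole LAN
    ("tcp", 3074, "192.168.1.50"),
    ("tcp", 80, "192.168.1.50"),      # collides with rule 0
    ("tcp", 3389, "192.168.1.50"),    # not in the listed set
]

if __name__ == "__main__":
    for idx, problem in audit_forwards(SAMPLE_RULES, "192.168.1.50"):
        print(f"rule {idx}: {problem}")
```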

Expert Comment

by:digitap
ID: 35187536
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.