Solved

Network Security: Adding xbox360 live and opening up ports

Posted on 2011-02-21
4
378 Views
Last Modified: 2012-06-27
I have small home office network in a domain controlled by a windows 2003 SBS server. It is protected by a Hotbrick LB2 firewall/router. So far, we have not had any real problems. I believe this is due in part to the fact most ports are turned off, The important ones like port 80 are open. upnp is turned off.

I bought my son an Xbox 360, and naturally he wants to use xbox live. He cannot presently as xbox recognizes that our "NAT" setting is set to "strict." I've researched this problem and MS says that in order to hear conversations and join games, I need to open up certain UPD and UCD? ports.

I can do this several ways, generally opening these ports or do port forwarding to the IP of the xbox unit.

My question is should I. Are there any risks to opening up these ports just to the IP of the xbox or to the whole network generally.

To interested experts, I am also going to post a question about the best settings for the hotbrick LB-2 to provide maximum usability while simultaneously providing maximum security.
0
Comment
Question by:montana4me
4 Comments
 
LVL 9

Accepted Solution

by:
rawinnlnx9 earned 500 total points
ID: 34947797
What you are doing in essence is opening ports and then entrusting the xBox to enforce security properly. Generally speaking this is a safe bet. You could also isolate the xBox on it's own WAN IP and push it outside of your home network with an optional port (essentially you are putting it on it's own local domain that is totally isolated from the other domains. You could also do nothing and just forward the ports. If you do this see if you can change your subnet mask from /24 (255.255.255.0) to a more restrictive subnet mask. If you lock it down to a single IP then that's all they can get to on that port. This wouldn't hurt. You can also get into funky setups where you route xBox traffic to another security device and then put the xBox behind it. All of these are pretty heavy handed approaches.

If you have the ability to set up an optional port as an isolated LAN then do so.

If not trust the xBox to handle attempts to breach it's security. Install a good firewall on the server and your other devices on the network (you should anyway) and then apply strict rules to each device.
0
 

Author Comment

by:montana4me
ID: 34954223
Thanks for your answer. Here is a complete list of what the xbox requires to be open for it to function as it was designed to:

TCP 80, UDP 88, UDP 3074, TCP 3074, UDP 53, TCP 53

Obviously TCP 80 is open now but we have done just fine with security. I guess what I am struggling with because I don't really understand what ports do is can an intruder use these ports to compromise our security in a way that they could not use TCP 80?
0
 
LVL 33

Expert Comment

by:digitap
ID: 35187536
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is to help the many people wanting to know what security systems the pros use and the ins and outs of a basic security system.  I have seen so many questions and made so many comments on this subject so I though this article would help.…
A few customers have recently asked my thoughts on Password Managers.  As Security is a big part of our industry I was initially very hesitant and sceptical about giving a program all of my secret passwords.  But as I was getting asked about them mo…
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now