Solved

Auditing firewall ports opened

Posted on 2014-12-23
Last Modified: 2015-04-03
Hello experts,

I need to work on an audit on several servers on which the Windows Firewall is enabled with port exceptions.

I am looking for an 'Open Ports Test' tool (exe file) which I can copy from server to server to test the Open Ports. Such tools exist but I am wondering if there is a unique one which I can upload the port numbers I am looking for (perhaps via delimited text) and the tool tells me if they are open or not on that server.

If I can find such a tool, I can quickly prepare text files for required port numbers per server type and quickly audit my server staging without looking into port lists and comparing the opened ones with my port numbers.

Any comments?
Thank you in advance
0
Comment
Question by:bozer
7 Comments
 
LVL 9

Expert Comment

by:Sean
ID: 40514811
I think what you are looking for is already built into Windows. Open a command prompt and enter this:

netstat -a

You could also try netstat -a | find "LISTENING" to find only the ports that are currently listening.
0
 

Author Comment

by:bozer
ID: 40514819
Hello Zindel1,

I use netstat all the time. However, what I need is a tool, perhaps a customized batch file that checks which ports are required to be opened (from a list - based on that Server's functionality) and whether they are actually opened.

Thank you for the comment
0
 
LVL 9

Expert Comment

by:Sean
ID: 40514845
I still think netstat is what you need, but you need to check the status of each port. If it shows Established then I would say that port is needed. I would say that you should research each server role and find out what ports that role uses and work from there. A lot of the time these roles will be added automatically, so I wouldn't go closing ports unless they were created by a GPO or someone manually opened them. There isn't a tool that can do this for you, from my experience. You could look at the Security Analyzer by Microsoft to help, but I don't think it does everything you are wanting.

http://www.microsoft.com/en-us/download/details.aspx?id=7558
0
 
LVL 6

Expert Comment

by:Rob G
ID: 40515312
I believe Zindel is right on.
If you are looking for all open ports, use netstat -aon | find "LISTENING" (find is case-sensitive unless you add /i, and netstat prints the state in upper case).
You can drill further and do netstat -aon | find /i "443", or whatever the port number is, to bring back the PID that owns the port, which will show you the software associated with the port that is open.

If you need additional software to do penetration testing on the firewall to see all rules:
You can see this in your group policy, if you have your firewall policy running from group policy.
Otherwise you can use this command:

netsh advfirewall show /?

show allprofiles - Displays properties for all profiles.
show currentprofile - Displays properties for the active profile.
show domainprofile - Displays properties for the domain properties.
show global    - Displays the global properties.
show privateprofile - Displays properties for the private profile.
show publicprofile - Displays properties for the public profile.
show store     - Displays the policy store for the current interactive session.

The netsh advfirewall command has a load of information as you need it; /? can be a friend.

Also, you can always try Belarc Advisor.
0
 
LVL 13

Accepted Solution

by: Kini pradeep (earned 500 total points)
ID: 40527632
All of the above is definitely good advice. Sometimes when I have to audit servers the customers do not give me access to the devices/servers, so I rely on PortQry/PortQryUI from Microsoft and Nmap. These are also helpful tools.
0
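A script of the kind the asker describes, written here as an added example for this thread rather than taken from any of the posts: it reads a per-server port list (assumed newline- or comma-delimited) and compares it with the netstat -aon output the experts recommend, reporting each required port as OPEN (with the owning process) or MISSING, plus any listener that is not on the list.

```powershell
# Added example (not from the thread): check a per-server list of required TCP
# ports against what is actually LISTENING, using netstat -aon output.
# Assumption: the port file is newline- or comma-delimited, e.g. "80,443".
param(
    [Parameter(Mandatory = $true)]
    [string]$PortFile
)

# Read the required ports for this server type into a sorted, de-duplicated list.
$required = (Get-Content $PortFile) -split '[,\s]+' |
    Where-Object { $_ -match '^\d+$' } |
    ForEach-Object { [int]$_ } |
    Sort-Object -Unique

# Parse lines such as "TCP  0.0.0.0:135  0.0.0.0:0  LISTENING  884" (the IPv6
# "[::]:135" form matches too) into a port -> owning PID map.
# $owner is used instead of $pid because $PID is a built-in PowerShell variable.
$listening = @{}
netstat -aon | ForEach-Object {
    if ($_ -match '^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$') {
        $port  = [int]$Matches[1]
        $owner = [int]$Matches[2]
        if (-not $listening.ContainsKey($port)) { $listening[$port] = $owner }
    }
}

# Report each required port with the process behind it, or flag it as missing.
foreach ($port in $required) {
    if ($listening.ContainsKey($port)) {
        $owner = $listening[$port]
        $name  = (Get-Process -Id $owner -ErrorAction SilentlyContinue).ProcessName
        '{0,6}  OPEN     PID {1} ({2})' -f $port, $owner, $name
    } else {
        '{0,6}  MISSING  nothing is listening' -f $port
    }
}

# Listeners that are not on the required list are the ones an audit should question.
$extra = $listening.Keys | Where-Object { $required -notcontains $_ } | Sort-Object
if ($extra) { 'Unexpected listeners: ' + ($extra -join ', ') }
```

A port showing OPEN means a process is listening on it; whether the Windows Firewall actually allows inbound traffic to it is a separate question, which the netsh advfirewall commands above, or a PortQry test from a second host, will answer.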
