Solved

Auditing firewall ports opened

Posted on 2014-12-23
Last Modified: 2015-04-03
Hello experts,

I need to work on an audit on several servers on which the Windows Firewall is enabled with port exceptions.

I am looking for an 'Open Ports Test' tool (exe file) which I can copy from server to server to test the Open Ports. Such tools exist but I am wondering if there is a unique one which I can upload the port numbers I am looking for (perhaps via delimited text) and the tool tells me if they are open or not on that server.

If I can find such a tool, I can quickly prepare text files for required port numbers per server type and quickly audit my server staging without looking into port lists and comparing the opened ones with my port numbers.

Any comments?
Thank you in advance
Question by:bozer
7 Comments
 
LVL 9

Expert Comment

by:Sean
I think what you are looking for is already built into Windows. Open command prompt and enter this:

netstat -a

You could also try netstat -a | find "LISTENING" to just find ports that are currently listening.
 

Author Comment

by:bozer
Hello Zindel1,

I use netstat all the time. However, what I need is a tool, perhaps a customized batch file that checks which ports are required to be opened (from a list - based on that Server's functionality) and whether they are actually opened.

Thank you for the comment
 
LVL 9

Expert Comment

by:Sean
I still think netstat is what you are needing, but you need to check the status of each port. If it shows Established then I would say that port is needed. I would say that you should research each server role and find out what ports that role uses and work from there. A lot of the time these roles will be added automatically, so I wouldn't go closing ports unless they were created by a GPO or someone manually opened them. There isn't a tool that can do this for you, from my experience. You could look at the Security Analyzer by Microsoft to help, but I don't think it does everything you are wanting.

http://www.microsoft.com/en-us/download/details.aspx?id=7558
 
LVL 6

Expert Comment

by:Rob G
I believe Zindel is right on.
If you are looking for all open ports, use netstat -aon | find "LISTENING".
You can drill further and do netstat -aon | find /i "443" (or whatever the port number is) to bring you back what PID is running the port, which will show you the associated software with the port that is open.

If you need additional software to do penetration testing on the firewall to see all rules...
You can see this in your group policy, if you have your firewall policy running from group policy.
Otherwise you can use this command:

netsh advfirewall show /?

show allprofiles - Displays properties for all profiles.
show currentprofile - Displays properties for the active profile.
show domainprofile - Displays properties for the domain properties.
show global    - Displays the global properties.
show privateprofile - Displays properties for the private profile.
show publicprofile - Displays properties for the public profile.
show store     - Displays the policy store for the current interactive session.

The netsh advfirewall command has a load of information as you need it. /? can be a friend.

Also, you can always try Belarc Advisor.
 
LVL 13

Accepted Solution

by:
Kini pradeep earned 500 total points
All the above is definitely good advice. Sometimes when I have to audit servers the customers do not give me access to the devices/servers, so I rely on PortQry/PortQryUI from Microsoft and Nmap. These are also helpful tools.
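The list-driven check asked for in the question can be built on the netstat -aon output suggested in the answers. The following is an added example, not code from any poster; the "proto/port" list syntax, the function names and the sample output are assumptions made for illustration. A listening socket only shows that a service is bound: whether Windows Firewall admits inbound traffic to it still has to be confirmed from the rule set (netsh advfirewall) or from another host with PortQry or Nmap.

```powershell
# Added example. The "proto/port" list syntax is an assumption, not from the thread.
# Assumes English "netstat -ano" output (the LISTENING state name is localized).

function Get-ListeningEndpoint {
    param([string[]]$NetstatLines)
    foreach ($line in $NetstatLines) {
        $f = -split $line                       # whitespace-separated columns
        if ($f.Count -lt 4) { continue }        # banner and blank lines
        $proto = $f[0].ToLower()
        if ($proto -ne 'tcp' -and $proto -ne 'udp') { continue }   # header row
        # TCP rows carry a State column; UDP rows do not (a bound socket receives).
        if ($proto -eq 'tcp' -and $f[3] -ne 'LISTENING') { continue }
        $port = [int]($f[1] -replace '^.*:', '')   # works for 0.0.0.0:443 and [::]:443
        New-Object psobject -Property @{ Key = "$proto/$port"; OwnerPid = [int]$f[-1] }
    }
}

function Test-RequiredPort {
    param([string]$PortList, [string[]]$NetstatLines)
    $listening = @{}
    foreach ($e in @(Get-ListeningEndpoint $NetstatLines)) { $listening[$e.Key] = $e.OwnerPid }
    # Accept comma, semicolon or whitespace as delimiters in the port list.
    $required = @($PortList.ToLower() -split '[,;\s]+' | Where-Object { $_ })
    foreach ($r in $required) {
        $status = if ($listening.ContainsKey($r)) { 'LISTENING' } else { 'NOT LISTENING' }
        New-Object psobject -Property @{ Port = $r; Status = $status; OwnerPid = $listening[$r] }
    }
    # Listeners that are not on the list are audit findings too.
    foreach ($k in $listening.Keys) {
        if ($required -notcontains $k) {
            New-Object psobject -Property @{ Port = $k; Status = 'UNEXPECTED'; OwnerPid = $listening[$k] }
        }
    }
}

# Constructed sample of "netstat -ano" output, so the example runs on any machine.
$sample = @'
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       716
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       4
  TCP    10.0.0.5:49211         10.0.0.9:445           ESTABLISHED     4
  TCP    [::]:443               [::]:0                 LISTENING       4
  UDP    0.0.0.0:161            *:*                                    1820
'@ -split '\r?\n'

Test-RequiredPort -PortList 'tcp/443, tcp/3389, udp/161' -NetstatLines $sample |
    Select-Object Port, Status, OwnerPid | Format-Table -AutoSize
# On a server: -PortList ((Get-Content .\web-ports.txt) -join ',') -NetstatLines (netstat -ano)
```

The file name web-ports.txt in the last comment is a placeholder for a per-server-type list.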
