Solved

Auditing firewall ports opened

Posted on 2014-12-23
Last Modified: 2015-04-03
Hello experts,

I need to work on an audit on several servers on which the Windows Firewall is enabled with port exceptions.

I am looking for an 'Open Ports Test' tool (exe file) which I can copy from server to server to test the Open Ports. Such tools exist but I am wondering if there is a unique one which I can upload the port numbers I am looking for (perhaps via delimited text) and the tool tells me if they are open or not on that server.

If I can find such a tool, I can quickly prepare text files for required port numbers per server type and quickly audit my server staging without looking into port lists and comparing the opened ones with my port numbers.

Any comments?
Thank you in advance
Question by:bozer
 
LVL 9

Expert Comment

by:Sean
ID: 40514811
I think what you are looking for is already built into Windows. Open command prompt and enter this:

netstat -a

You could also try netstat -a | find "LISTENING" to just find ports that are currently listening
0
 

Author Comment

by:bozer
ID: 40514819
Hello Zindel1,

I use netstat all the time. However, what I need is a tool, perhaps a customized batch file that checks which ports are required to be opened (from a list - based on that Server's functionality) and whether they are actually opened.

Thank you for the comment
0
 
LVL 9

Expert Comment

by:Sean
ID: 40514845
I still think netstat is what you are needing, but you need to check the status of each port. If it shows Established then I would say that port is needed. I would say that you should research each server role and find out what ports that role uses and work from there. A lot of the time these roles will be added automatically, so I wouldn't go closing ports unless they were created by a GPO or someone manually opened them. There isn't a tool that can do this for you from my experience. You could look at the Security Analyzer by Microsoft to help, but I don't think it does everything you are wanting.

http://www.microsoft.com/en-us/download/details.aspx?id=7558
0
 
LVL 6

Expert Comment

by:Rob G
ID: 40515312
I believe Zindel is right on..
If you are looking for all open ports use netstat -aon | find "LISTENING"
You can drill further and do netstat -aon | find /i "443" or whatever the port number is to bring you back what PID is running the port, which will show you the associated software with the port that is open..

If you need additional software, to do penetration testing on the firewall to see all rules..
You can see this in your group policy, if you have your firewall policy running from group policy..
Otherwise you can use this command..

netsh advfirewall show /?

show allprofiles - Displays properties for all profiles.
show currentprofile - Displays properties for the active profile.
show domainprofile - Displays properties for the domain properties.
show global    - Displays the global properties.
show privateprofile - Displays properties for the private profile.
show publicprofile - Displays properties for the public profile.
show store     - Displays the policy store for the current interactive session.

The NetSh Advfirewall command has a load of information as you need it.. /? can be a friend..

Also you can always try Belarc Advisor..
0
 
LVL 13

Accepted Solution

by:
Kini pradeep earned 500 total points
ID: 40527632
All the above is definitely good advice. Sometimes when I have to audit servers the customers do not give me access to the devices/servers, so I rely on PortQry/PortQryUI from Microsoft and NMAP. These are also helpful tools.
0
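
What the question describes (a port list per server type, checked against what the server is actually listening on) can be scripted around the `netstat -aon` output mentioned in the replies. The following is an added example, not code from the thread: the function names, the `proto/port` list format and the sample data are assumptions, and it expects PowerShell 3.0 or later and English-language netstat output.

```powershell
# Added example. Function names, list format and sample data are hypothetical.
function Get-ListeningPort {
    param([string[]]$NetstatLines)
    foreach ($line in $NetstatLines) {
        # Columns: Proto, Local Address, Foreign Address, [State], PID (UDP rows have no State).
        if ($line -match '^\s*(TCP|UDP)\s+\S+:(\d+)\s+\S+\s+(?:([A-Z_]+)\s+)?(\d+)\s*$') {
            $proto = $Matches[1].ToLower()
            # Keep TCP sockets in LISTENING state and every bound UDP socket.
            if ($proto -eq 'udp' -or $Matches[3] -eq 'LISTENING') {
                [pscustomobject]@{ Key = "$proto/$($Matches[2])"; ProcessId = [int]$Matches[4] }
            }
        }
    }
}

function Test-RequiredPort {
    param([string[]]$RequiredLines, [string[]]$NetstatLines)
    # Index listeners by "proto/port"; IPv4 and IPv6 rows for one port collapse into one key.
    $listening = @{}
    foreach ($l in (Get-ListeningPort $NetstatLines)) { $listening[$l.Key] = $l.ProcessId }
    # Normalise the required list: drop blanks and '#' comments, lower-case the rest.
    $required = @($RequiredLines |
        ForEach-Object { ($_ -replace '#.*$', '').Trim().ToLower() } |
        Where-Object { $_ -match '^(tcp|udp)/\d+$' })
    # Required ports: listening or missing.
    foreach ($key in $required) {
        $status = if ($listening.ContainsKey($key)) { 'Listening' } else { 'Missing' }
        [pscustomobject]@{ Port = $key; Status = $status; ProcessId = $listening[$key] }
    }
    # Listening ports that are not on the list for this server type.
    foreach ($key in ($listening.Keys | Sort-Object)) {
        if ($required -notcontains $key) {
            [pscustomobject]@{ Port = $key; Status = 'Unexpected'; ProcessId = $listening[$key] }
        }
    }
}

# Constructed sample input; on a server use: $netstat = netstat -ano
$netstat = @(
    '  Proto  Local Address          Foreign Address        State           PID',
    '  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884',
    '  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1204',
    '  TCP    [::]:3389              [::]:0                 LISTENING       1204',
    '  TCP    10.0.0.5:49200         10.0.0.9:443           ESTABLISHED     3020',
    '  UDP    0.0.0.0:123            *:*                                    1020'
)
# Constructed required-port list; on a server read it with Get-Content from the list file.
$required = @('# web server', 'tcp/443', 'tcp/3389', 'udp/123')
Test-RequiredPort -RequiredLines $required -NetstatLines $netstat | Format-Table -AutoSize
```

A port that is listening locally can still be blocked by Windows Firewall, so a remote check with PortQry or Nmap, as in the accepted answer, is what confirms that the exception itself works.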

Question has a verified solution.
