Network security is the new buzz word around town.
Most people think a network firewall that is setup with the default will protect
their network. The simple fact is no it will not. Not until you are hack will
you know this fact. Of course this comes a little too late. All operating systems
need ports open in order to communicate information regarding active directory,
DNS, DHCP, booting of a computer and more. Some applications need ports open to
work. So where do you reach a safe point where your applications work and they
are secure. The following will address the working ports and what to be
concerned about. Later I will address how to secure it.

Ports to be concerned about are 3389 which is
terminal services ports. If you do not have a firewall in place blocking public
IP address from forwarding to private IP address using this port then you will
want to call a security professional right away. Other ports to be concerned
about are 139 which gives access to network shares.

Another area of ​​concern is the SMB or the
(Server Message Block) protocol. This protocol is used among other things for
file sharing in Windows NT / 2000 / XP. In Windows NT it ran on top of NetBT
(NetBIOS over TCP / IP), which used the famous ports 137, 138 (UDP), and 139 (TCP).
In Windows 2000 / XP / 2003, Microsoft added the possibility to run SMB directly
over TCP / IP, without the extra layer of NetBT. For these they use TCP port 445.
Again all these ports should remain in the private network and your firewall
should block access.

Note: The NETSTAT command will show you
whatever ports are open or in use, but it is NOT a port scanning tool! If you
want to have your computer scanned for open ports see this page instead (link
will follow shortly).

C:> netstat -an | find / i "listening"

TCP 0.0.0.0:1335 0.0.0.0ACE LISTENING

TCP 0.0.0.0:445 0.0.0.0ACE LISTENING

TCP 0.0.0.0:1723 0.0.0.0ACE LISTENING

TCP 0.0.0.0:3389 0.0.0.0ACE LISTENING

TCP 127.0.0.1:1026 0.0.0.0:0 LISTENING

TCP 127.0.0.1:4664 0.0.0.0ACE LISTENING

TCP 192.168.50.127:13.0 0.0.0.0ACE LISTENING

TCP 192.168.100.193:1339 0.0.0.0:0 LISTENING

The netstat command will also show you who is active on your computer. This will
show you what spyware or trojan horses that may have installed on your machine.

Active Connections

Proto Local Address Foreign Address State

TCP argonas: epmap argonas: 0 LISTENING

TCP argonas: microsoft-ds argonas: 0 LISTENING

TCP argonas: pptp argonas: 0 LISTENING

TCP argonas: 3389 argonas: 0 LISTENING

TCP argonas: 1026 argonas: 0 LISTENING

TCP argonas: 2617 localhost: 2618 ESTABLISHED

TCP argonas: 2618 localhost: 2617 ESTABLISHED

TCP argonas: 2619 localhost: 2620 ESTABLISHED

TCP argonas: 2620 localhost: 2619 ESTABLISHED

TCP argonas: 4664 argonas: 0 LISTENING

TCP argonas: netbios-ssn argonas: 0 LISTENING

TCP argonas: 2958 an-in-f104.google.com:http ESTABLISHED

TCP argonas: 3011 va-in-f104.google.com:httpTIME_WAIT

TCP argonas: 3014 eo-in-f147.google.com:http ESTABLISHED

TCP argonas: 3081 unknown.xeex.net:http TIME_WAIT

TCP argonas: 3104 unknown.xeex.net:http ESTABLISHED

TCP argonas: 3903 web1.allaboutsingles.com:httpCLOSE_WAIT

TCP argonas: 4449 static-71-116-207-166.lsanca.dsl-w.verizon.net:pptp ESTABLISHED

TCP argonas: 4762 va-in-f104.google.com:httpCLOSE_WAIT

TCP argonas: netbios-ssn argonas: 0 LISTENING

TCP argonas: 2939 192.168.100.202:1025 ESTABLISHED

TCP argonas: 2957 exchange01.intercore.local: 1419 ESTABLISHED

Once you have locked down all ports then you must be
concerned with internal security. No one in your organization will be allowed to
talk to anyone about any secure information. Even giving out there email
address. Next use devices like honey pots, barracuda spam appliance, Symantec
anti-virus hardware and software. A properly configured network can allow your
workers to work and disallow hackers to work.

Leave a Reply

Your email address will not be published. Required fields are marked *