how/where do REAL administrator close unused ports

Status
Not open for further replies.

APOC9109

IS-IT--Management
Mar 7, 2006
48
US

Can someone please tell me where you go to actually close ports and configure for inbound and outbound traffic? Where administratively is this done? Do real admins do this??

I read so much about closing vulnerable or unused ports, but never exactly where you go to do this, and how to specify, for example, if you are going to close ports for only inbound traffic.
Thanks!
 
Typically, you would close ports at your firewall. It all depends on the services that need to go through that firewall as to what ports to open, and the hardware that you have. In many serious firewalls, you can dictate rules to grant/deny traffic, and can configure the direction (inbound/outbound) in which they apply.

This is a fairly complex issue that can't really be answered based on the lack of information in your post.

I'd suggest running a Shields Up report to see what's visible from the outside, and proceed from there.

Pat Richard, MCSE(2) MCSA:Messaging, CNA(2)
 
That is one of the functions of a firewall. Most business networks run on a private IP address range and use Network Address Translation (NAT) to provide access to the internet. The home routers you can get at your local electronics store do a simple version of this. Businesses will opt for something more robust such as a PIX device from a company that makes industrial grade routers. I would prefer a simple home router over exposing a server directly to the internet and attempting to block there. By placing your network on a private IP address range, you guarantee that your IP addresses are NOT routable across the internet. Only the public address of the NAT device is visible. Even the home routers allow you to configure "port forwarding", and the better ones allow you to block IP ports and addresses. When you configure port forwarding, you forward a port directly through the NAT to a private address on your network. One of the most common is forwarding port 80 to the private address of your webserver. To the internet, your webpage is accessed on the public IP address of your NAT device (not the private IP address of your webserver). The NAT device acts as part of your firewall. Most companies will do this type of firewall.

As for the network card on your computer, you can configure it through the tcp/ip settings, general tab, advanced button, options tab.

Start, Help. You'll be surprised what's there. A+/MCP/MCSE/MCDBA
 
Keep in mind that most entry level firewalls don't do SPI. On these routers, when you open a port, say, port 25 (SMTP), you're opening it to ANYTHING on port 25 - whether it's SMTP or not. If you use something like ISA, which does SPI, you can tell it to open port 25, but allow ONLY SMTP traffic on that port. This further enhances your security.

Just look at what can go across port 80!

Pat Richard, MCSE(2) MCSA:Messaging, CNA(2)
 
Very true, sniper. The professional firewall devices have the advantage on security over the home devices, as you can make settings like that. You give a good workaround for those firewalls that don't. Apoc, you'll also do well looking into setting up a network with a DMZ. Most companies follow the same guidelines for their networks. Microsoft gives the basics on firewalls here...



Start, Help. You'll be surprised what's there. A+/MCP/MCSE/MCDBA
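As an added example, not posted by anyone in this thread, this is what "closing ports at the firewall" looks like when written out as an nftables ruleset on a Linux gateway: default-deny for traffic arriving from the internet, outbound traffic from the LAN allowed, and only port 80 forwarded through NAT to the web server. The interface names (wan0, lan0) and the web server's private address 192.168.1.10 are assumed values for the example.

```nft
# Assumed for this example: wan0 faces the internet, lan0 faces the
# private LAN, and the internal web server sits at 192.168.1.10.
table inet filter {
    chain input {
        # Traffic addressed to the gateway itself: deny unless listed.
        type filter hook input priority 0; policy drop;
        ct state established,related accept   # replies to our own traffic
        iif lo accept                         # loopback
        iifname "lan0" tcp dport 22 accept    # SSH management from the LAN only
    }

    chain forward {
        # Traffic passing between LAN and internet: deny unless listed.
        type filter hook forward priority 0; policy drop;
        ct state established,related accept   # stateful: replies follow sessions
        # Outbound direction: anything the LAN initiates may leave.
        iifname "lan0" oifname "wan0" accept
        # Inbound direction: only the forwarded web port reaches the server.
        # Note: this matches on port 80 only; it does not verify that the
        # payload is actually HTTP (the SPI point raised above).
        iifname "wan0" ip daddr 192.168.1.10 tcp dport 80 ct state new accept
    }
}

table ip nat {
    chain prerouting {
        type nat hook prerouting priority -100;
        # Port forwarding: public port 80 -> private web server.
        iifname "wan0" tcp dport 80 dnat to 192.168.1.10
    }

    chain postrouting {
        type nat hook postrouting priority 100;
        # Hide private LAN addresses behind the gateway's public address.
        oifname "wan0" masquerade
    }
}
```

Every other inbound port is closed simply because no rule accepts it; to "close" a port later, remove its accept line rather than adding a block line.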
 