Check your Windows port associations


Tom Lancaster
12.09.2003


One vulnerable aspect of "Windows out of the box" is the set of UDP and TCP ports it uses to support file and print sharing, directory services and name resolution. Using these ports for these purposes on a local area network is tolerable. On any link to the Internet, it definitely is not. One of my favorite security tools makes a compelling case for why you should never use either kind of port on such a link. (See the screen text capture below, picked up verbatim from my Windows 2000 Professional laptop on my home network.)



The tool in the illustration here is FPort, from a company named Foundstone. Its principals include two of the folks behind the wildly successful (and entirely useful) Hacking Exposed books, namely George Kurtz and Stuart McClure, as well as long-time PC Magazine programming editor, book author, and Windows guru Chris Prosise.

FPort lists all open TCP and UDP ports it discovers, along with the associated process ID (Pid) and process name (Process). The tool is free, easy to download, and a snap to use: in the directory where Fport.exe resides, open a command window and type Fport at the command line.

Why is this tool valuable? Because it shows all TCP and UDP ports open on the machine where it runs. This defines the set of ports you should inspect and block at the interface (or firewall) that connects your machine or network to the Internet. For the screen display shown above, you'd want to close all ports shown below 1,024 and be pretty picky about which applications (namely, the Task Scheduler, MSTask.exe; various elements of Norton Internet Security, Internet Explorer and so forth) are allowed Internet access.
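As an added illustration (not part of the original tip and not Foundstone's code), the Python below parses FPort-style output and applies the triage described above: ports below 1,024 go on the block list for the Internet-facing interface, and the remaining ports are grouped by process for an allow-or-deny decision. The sample rows are constructed, and the Pid / Process / Port / Proto / Path column layout is an assumption about the tool's output.

```python
import re
from collections import defaultdict

# Constructed sample in the assumed FPort column layout
# (this is NOT the screen capture from the article).
SAMPLE = r"""
Pid   Process            Port  Proto Path
420   svchost        ->  135   TCP   C:\WINNT\system32\svchost.exe
8     System         ->  139   TCP
8     System         ->  445   TCP
676   MSTask         ->  1025  TCP   C:\WINNT\system32\MSTask.exe
1184  IEXPLORE       ->  1210  TCP   C:\Program Files\Internet Explorer\IEXPLORE.EXE
8     System         ->  137   UDP
8     System         ->  138   UDP
232   lsass          ->  500   UDP   C:\WINNT\system32\lsass.exe
"""

# One data row: pid, process, "->", port, protocol, optional path.
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+->\s+(\d+)\s+(TCP|UDP)\s*(.*)$")


def parse_fport(text):
    """Return one dict per port row; banner and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            pid, proc, port, proto, path = m.groups()
            rows.append({"pid": int(pid), "process": proc, "port": int(port),
                         "proto": proto, "path": path.strip()})
    return rows


def triage(rows, threshold=1024):
    """Split rows into (ports to block, ports to review per process)."""
    block = sorted({(r["port"], r["proto"]) for r in rows
                    if r["port"] < threshold})
    review = defaultdict(set)
    for r in rows:
        if r["port"] >= threshold:
            review[r["process"]].add((r["port"], r["proto"]))
    return block, {proc: sorted(ports) for proc, ports in review.items()}


if __name__ == "__main__":
    block, review = triage(parse_fport(SAMPLE))
    for port, proto in block:
        print(f"block at Internet interface: {proto}/{port}")
    for proc, ports in review.items():
        print(f"review Internet access for {proc}: {ports}")
```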

By combining judicious external scans of your system(s) or network (readily available at Gibson Research or Symantec, to name just two of many such tools) with the "inside view" that FPort provides, you can easily learn what ports to check and block, as needed.


Thomas Alexander Lancaster IV is a consultant and author with over 10 years' experience in the networking industry, focused on Internet infrastructure.


All Rights Reserved, Copyright 2003 - 2009, TechTarget