What port range in good to close? What are all the ports I can shut without affecting the performance of my system?
Vulnerabilities differ with each environment. It really and truly depends on the kind of platform your systems are running on and as to what all services are required to be run on that system. Sometimes some of the critical services are running on these vulnerable ports making it hard to shutdown.
I would recommend using some good Port-scanning tool Like NMAP to really figure out what's open and accessible. It would list all the open ports on the system and then you can decide on which ones to close without affecting the services your system need to provide. Here's the list of most common ports that are probed and attacked:
- Block "spoofed" addresses-- packets coming from outside your company sourced from internal addresses, private (RFC1918 and network 127) and IANA reserved addresses. Also block source routed packets.
- telnet (23/tcp), SSH (22/tcp), FTP (21/tcp), NetBIOS (139/tcp), rlogin (512/tcp through 514/tcp)
- RPC and NFS-- Portmap/rpcbind (111/tcp and 111/udp), NFS (2049/tcp and 2049/udp), lockd (4045/tcp and 4045/udp)
- NetBIOS in Windows NT -- 135 (tcp and udp), 137 (udp), 138 (udp), 139 (tcp). Windows 2000 ?445(tcp and udp)
- X Windows -- 6000/tcp through 6255/tcp
- DNS (53/udp) to all machines which are not DNS servers, DNS zone transfers (53/tcp) except from external secondaries, LDAP (389/tcp and 389/udp)
- SMTP (25/tcp) to all machines, which are not external mail relays, POP (109/tcp and 110/tcp), IMAP (143/tcp)
- HTTP (80/tcp) and SSL (443/tcp) except to external Web servers, may also want to block common high-order HTTP port choices (8000/tcp, 8080/tcp, 8888/tcp, etc.)
- ports below 20/tcp and 20/udp, time (37/tcp and 37/udp)
- TFTP (69/udp), finger (79/tcp), NNTP (119/tcp), NTP (123/tcp), LPD (515/tcp), syslog (514/udp), SNMP (161/tcp and 161/udp, 162/tcp and 162/udp), BGP (179/tcp), SOCKS (1080/tcp)
Keep in mind that the CVE (common vulnerabilities and exposure) list gets updated whenever new vulnerabilities are reported. It's always better to keep yourself updated on the same.
Dig Deeper on Network management and monitoring
Related Q&A from Puneet Mehta
To view network security expert Puneet Mehta's latest advice, see his Public Profile on the IT Knowledge Exchange: https://... Continue Reading
Find out if there's a difference between a virtual private network (VPN) concentrator and a network access server (NAS) in this explanation from our ... Continue Reading
Our network security expert explains how to keep unauthorized users from accessing your router's IP address for Internet access in this advice ... Continue Reading