Re: vulnerability open ports

From: Phillip Windell (_at_.)
Date: 10/01/04


Date: Fri, 1 Oct 2004 09:06:12 -0500


"John P.F." <anonymous@discussions.microsoft.com> wrote in message
news:1e4901c4a761$be662cd0$a401280a@phx.gbl...
> After running a Symantic security scan I was informed
> that I was vulnerable due to open ports , http port80 and
> http over tsl/ssl . How do I close these ports? Any help

Some of these security scan "results" are a bit ridiculas. It is like
saying you are vulnerable because you are alive, so if you kill yourself you
would not be vulnerable because no one could kill a dead person. Scaring
people sells more firewall products, so the more those reports can "grab"
you the more you will seek those kinds of products.

The way to "close" ports is the never open them in the first place. Ports
are "created" and "opened" by the App that uses them. There will never be a
"port 80" on your machine unless you have a webserver running on it,...if
you have a webserver running on it then you probably want to be able to
access it, so obviously you want port 80 open,...however if you don't want
port 80 open then you also would not be wanting the webserver, therefore the
webserver should be shutdown or uninstalled and the "port 80" would cease to
exist.

Now there are some ports that are native to the OS's networking system
(Windows Networking & File/Print Sharing) that you would not want exposed to
the Internet assuming your machine had a public IP# and was directly exposed
the the Internet (not behind a Proxy or NAT Firewall). Those services can be
unbound from the Interface to make them unavailable.

-- 
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com