How to Protect Your Network Using these Network Security Procedures and Tips

Network security is the new buzz word around town.

Most people think a network firewall that is setup with the default will protect

their network. The simple fact is no it will not. Not until you are hack will

you know this fact. Of course this comes a little too late. All operating systems

need ports open in order to communicate information regarding active directory,

DNS, DHCP, booting of a computer and more. Some applications need ports open to

work. So where do you reach a safe point where your applications work and they

are secure. The following will address the working ports and what to be

concerned about. Later I will address how to secure it.

Ports to be concerned about are 3389 which is

terminal services ports. If you do not have a firewall in place blocking public

IP address from forwarding to private IP address using this port then you will

want to call a security professional right away. Other ports to be concerned

about are 139 which gives access to network shares.

Another area of concern is the SMB or the

(Server Message Block) protocol. This protocol is used among other things for

file sharing in Windows NT/2000/XP. In Windows NT it ran on top of NetBT

(NetBIOS over TCP/IP), which used the famous ports 137, 138 (UDP) and 139 (TCP).

In Windows 2000/XP/2003, Microsoft added the possibility to run SMB directly

over TCP/IP, without the extra layer of NetBT. For this they use TCP port 445.

Again all these ports should remain in the private network and your firewall

should block access.

Note: The NETSTAT command will show you

whatever ports are open or in use, but it is NOT a port scanning tool! If you

want to have your computer scanned for open ports see this page instead (link

will follow shortly).

C:>netstat -an |find /i “listening”

TCP 0.0.0.0:135 0.0.0.0:0 LISTENING

TCP 0.0.0.0:445 0.0.0.0:0 LISTENING

TCP 0.0.0.0:1723 0.0.0.0:0 LISTENING

TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING

TCP 127.0.0.1:1026 0.0.0.0:0 LISTENING

TCP 127.0.0.1:4664 0.0.0.0:0 LISTENING

TCP 192.168.50.127:139 0.0.0.0:0 LISTENING

TCP 192.168.100.193:139 0.0.0.0:0 LISTENING

The netstat command will also show you who is active on your computer. This will

show you what spyware or trojan horses that may have installed on your machine.

Active Connections

Proto Local Address Foreign Address State

TCP argonas:epmap argonas:0 LISTENING

TCP argonas:microsoft-ds argonas:0 LISTENING

TCP argonas:pptp argonas:0 LISTENING

TCP argonas:3389 argonas:0 LISTENING

TCP argonas:1026 argonas:0 LISTENING

TCP argonas:2617 localhost:2618 ESTABLISHED

TCP argonas:2618 localhost:2617 ESTABLISHED

TCP argonas:2619 localhost:2620 ESTABLISHED

TCP argonas:2620 localhost:2619 ESTABLISHED

TCP argonas:4664 argonas:0 LISTENING

TCP argonas:netbios-ssn argonas:0 LISTENING

TCP argonas:2958 an-in-f104.google.com:http ESTABLISHED

TCP argonas:3011 va-in-f104.google.com:http TIME_WAIT

TCP argonas:3014 eo-in-f147.google.com:http ESTABLISHED

TCP argonas:3081 unknown.xeex.net:http TIME_WAIT

TCP argonas:3104 unknown.xeex.net:http ESTABLISHED

TCP argonas:3903 web1.allaboutsingles.com:http CLOSE_WAIT

TCP argonas:4449 static-71-116-207-166.lsanca.dsl-w.verizon.net:pptp ESTABLISHED

TCP argonas:4762 va-in-f104.google.com:http CLOSE_WAIT

TCP argonas:netbios-ssn argonas:0 LISTENING

TCP argonas:2939 192.168.100.202:1025 ESTABLISHED

TCP argonas:2957 exchange01.intercore.local:1419 ESTABLISHED

Once you have locked down all ports then you must be

concerned with internal security. No one in your organization will be allowed to

talk to anyone about any secure information. Even giving out there email

address. Next use devices like honey pots, barracuda spam appliance, Symantec

anti-virus hardware and software. A properly configured network can allow your

workers to work and disallow hackers to work.


Post time: 12-26-2017