Open Ports after Port Scanning

WetBehindEars

Nov 16, 2005, 3:44:07 PM
I just ran a port scanner on our workstations and I have noticed a majority
either have ports 135, 139 & 445 all open or they have 1 or two of those open.
Are these legit ports? Should I be concerned about them? Should all
workstations on our network have them all open? Any suggestions as to what
these ports are for? Or if they are needed?

Thanks in advance.

Miha Pihler [MVP]

Nov 16, 2005, 3:54:53 PM
Hi,

The mentioned ports are part of the Windows operating system. They provide,
e.g., access to shares on the server etc...

Should they be there? That depends on your company policy (what your
employees need to access on each other's computers). You might want to prevent
access to these ports on client computers by enabling a personal firewall (e.g.
Windows XP has a built-in one). Know that this will prevent users from
connecting to shares on the PCs where the personal firewall is enabled...

Don't be so quick to enable the shares on the servers, since again the
firewall will prevent your client computer from getting access to shares on
the servers...

--
Mike
Microsoft MVP - Windows Security


Phillip Windell

Nov 16, 2005, 4:39:27 PM
"WetBehindEars" <WetBeh...@discussions.microsoft.com> wrote in message
news:A59252A4-E848-4EAE...@microsoft.com...
> I just ran a port scanner on our workstations and I have noticed a majority
> either have port 135, 139 & 445 all open or they have 1 or two of those open.

Yep

> Are these legit ports?

Yep

> Should I be concerned about them?

Nope

> Should all workstations on our network have them all open?

Yep

> Any suggestions as to what these ports are for?

Various functions of Windows Networking

> Or if they are needed?

They are needed.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

Steven L Umbach

Nov 16, 2005, 5:58:00 PM
By default, file and print sharing is enabled on all Windows 2000/XP/2003
domain computers, which is what those ports are used for. While it may not be
necessary to offer shares on those computers, you will find it necessary to
access them for such things as managing the computers remotely via Computer
Management etc., running RSOP logging mode on those computers from another
computer, or using Microsoft Baseline Security Analyzer to scan the
computers for vulnerabilities that include missing security updates, so you
can see that it can be very productive to have those ports available.

Having said that, it may make sense to use the Windows Firewall like Mike
said and restrict access to those ports to only the IP addresses of
computers used by those who administer such functions in the domain, which
would prevent normal domain workstations from accessing each other via those
ports, which could increase security and slow down worm propagation
dramatically. You also can configure the user right "Access this computer
from the network" to manage which users have access to file shares on a
computer, and consider using IPsec in situations that require high security,
particularly for non-domain-controller servers.

--- Steve
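
A way to check the firewall scoping discussed in the replies above, as an added example that is not part of the original thread: probe the three ports from a given machine and flag hosts that are open to ordinary workstations or closed to the admin station. The function names, the 192.0.2.x addresses and the sample results are constructed for illustration, and treating "no port reachable from the admin station" as a finding is an assumption.

```python
import socket

# Ports from the thread and the Windows service that normally listens on each.
PORTS = {135: "RPC endpoint mapper", 139: "NetBIOS session", 445: "SMB over TCP"}

def tcp_open(host, port, timeout=1.0):
    """True if a full TCP connection to host:port succeeds from this machine."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout) or unreachable
        return False

def probe(host, ports=PORTS, timeout=1.0):
    """Map each port to True/False as seen from the machine running this."""
    return {port: tcp_open(host, port, timeout) for port in ports}

def audit(source_ip, results, admin_ips):
    """Compare probe results taken from source_ip with the scoping policy.

    results: {target_host: {port: reachable}}. Returns (host, ports, reason).
    """
    findings = []
    for host, seen in sorted(results.items()):
        reachable = sorted(p for p, ok in seen.items() if ok)
        if source_ip in admin_ips:
            if not reachable:  # firewall too strict: management tools cut off
                findings.append((host, sorted(seen), "blocked for admin station"))
        elif reachable:  # firewall too loose: workstation-to-workstation path
            findings.append((host, reachable, "open to non-admin workstation"))
    return findings

# Constructed sample data (documentation addresses, not from the thread).
ADMIN_IPS = {"192.0.2.10"}
FROM_WORKSTATION = {
    "192.0.2.21": {135: True, 139: True, 445: True},     # no firewall scoping
    "192.0.2.22": {135: False, 139: False, 445: False},  # scoped correctly
}
FROM_ADMIN = {
    "192.0.2.21": {135: True, 139: True, 445: True},
    "192.0.2.23": {135: False, 139: False, 445: False},  # blocked for everyone
}

if __name__ == "__main__":
    for src, res in (("192.0.2.50", FROM_WORKSTATION), ("192.0.2.10", FROM_ADMIN)):
        for host, ports, reason in audit(src, res, ADMIN_IPS):
            print(f"{src} -> {host} {ports}: {reason}")
```

Run `probe()` once from an ordinary workstation and once from the admin station, then pass each result set to `audit()` with the source address it was taken from.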
