How to Protect Your Network Using these Network Security Procedures and Tips

Network security is the new buzz word around town.The netstat command will also show you who is
Most people think a network firewall that is setup withactive on your computer. This willshow you what
the default will protecttheir network. The simple fact isspyware or trojan horses that may have installed on
no it will not. Not until you are hack willyou know thisyour machine.
fact. Of course this comes a little too late. All operatingActive Connections
systemsneed ports open in order to communicateProto Local Address Foreign Address State
information regarding active directory,TCP argonas:epmap argonas:0 LISTENING
DNS, DHCP, booting of a computer and more. SomeTCP argonas:microsoft-ds argonas:0 LISTENING
applications need ports open towork. So where doTCP argonas:pptp argonas:0 LISTENING
you reach a safe point where your applications workTCP argonas:3389 argonas:0 LISTENING
and theyare secure. The following will address theTCP argonas:1026 argonas:0 LISTENING
working ports and what to beconcerned about. Later ITCP argonas:2617 localhost:2618 ESTABLISHED
will address how to secure it.TCP argonas:2618 localhost:2617 ESTABLISHED
Ports to be concerned about are 3389 which isterminalTCP argonas:2619 localhost:2620 ESTABLISHED
services ports. If you do not have a firewall in placeTCP argonas:2620 localhost:2619 ESTABLISHED
blocking publicTCP argonas:4664 argonas:0 LISTENING
IP address from forwarding to private IP address usingTCP argonas:netbios-ssn argonas:0 LISTENING
this port then you willwant to call a securityTCP argonas:2958 an-in-f104.google.com:http
professional right away. Other ports to beESTABLISHED
concernedabout are 139 which gives access toTCP argonas:3011 va-in-f104.google.com:http
network shares.TIME_WAIT
Another area of concern is the SMB or theTCP argonas:3014 eo-in-f147.google.com:http
(Server Message Block) protocol. This protocol is usedESTABLISHED
among other things forfile sharing in Windows NT/2000TCP argonas:3081 unknown.xeex.net:http TIME_WAIT
XP. In Windows NT it ran on top of NetBTTCP argonas:3104 unknown.xeex.net:http
(NetBIOS over TCP/IP), which used the famous portsESTABLISHED
137, 138 (UDP) and 139 (TCP).TCP argonas:3903 web1.allaboutsingles.com:http
In Windows 2000/XP/2003, Microsoft added theCLOSE_WAIT
possibility to run SMB directlyover TCP/IP, without theTCP argonas:4449
extra layer of NetBT. For this they use TCP port 445.static-71-116-207-166.lsanca.dsl-w.verizon.net:pptp
Again all these ports should remain in the privateESTABLISHED
network and your firewallshould block access.TCP argonas:4762 va-in-f104.google.com:http
Note: The NETSTAT command will showCLOSE_WAIT
youwhatever ports are open or in use, but it is NOT aTCP argonas:netbios-ssn argonas:0 LISTENING
port scanning tool! If youwant to have your computerTCP argonas:2939 192.168.100.202:1025 ESTABLISHED
scanned for open ports see this page instead (linkwillTCP argonas:2957 exchange01.intercore.local:1419
follow shortly).ESTABLISHED
C:>netstat -an |find /i "listening"Once you have locked down all ports then you must
TCP 0.0.0.0:135 0.0.0.0:0 LISTENINGbeconcerned with internal security. No one in your
TCP 0.0.0.0:445 0.0.0.0:0 LISTENINGorganization will be allowed totalk to anyone about any
TCP 0.0.0.0:1723 0.0.0.0:0 LISTENINGsecure information. Even giving out there emailaddress.
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENINGNext use devices like honey pots, barracuda spam
TCP 127.0.0.1:1026 0.0.0.0:0 LISTENINGappliance, Symantecanti-virus hardware and software.
TCP 127.0.0.1:4664 0.0.0.0:0 LISTENINGA properly configured network can allow yourworkers
TCP 192.168.50.127:139 0.0.0.0:0 LISTENINGto work and disallow hackers to work.
TCP 192.168.100.193:139 0.0.0.0:0 LISTENING