Power User: A little of this and that on security
- By John McCormick
- Apr 28, 2004
A useful download from Microsoft Corp. called PortReporter has several virtues: It's free, only 135K and probably all right to use even if agency rules otherwise forbid freeware.
PortReporter logs TCP and UDP port use on systems running Windows Server 2003, Win 2000, NT and XP. It generates easy-to-read logs showing which ports are open to TCP and UDP traffic, processes running, which user is running the processes and so on.
That information is very useful for troubleshooting and can even serve for simple forensics.
Unlike many free Microsoft downloads, this one takes very little time even over dial-up connections. Incidentally, even a large office with an enterprise network and T1 access probably should keep a separate dial-up account and system for testing. You should never install downloads or patches, even from Microsoft, on a live, networked system.
Your separate test account ideally should have a fast link for downloading large files, but dial-up can serve the need, too. If nothing else, it gives insight into how your road warriors and outsiders see your network or Web site.
To use PortReporter, log in as administrator and go to Start, Control Panel, Administrative Tools, Services. Four files will install:
- eula.txt, the end-user license agreement
- pr-setup.exe, which you click on to install or uninstall PortReporter when you're logged in as administrator
- readme.txt, but instead of reading this, look up Microsoft Knowledge Base Article 837243, at www.microsoft.com.
Installation and operation of PortReporter are painless, although some users might have minor difficulty locating the log files.
A couple of readers said I was off base complaining about my problems installing a Linksys Wireless-G Broadband Router.
I had set out to see whether an unsupported user in a small office could install and maintain the wireless router. Since then I have seen reports on various weblogs and user groups that confirmed the problems I encountered. Lots of people, some of whom appear to have considerable technical knowledge, have spent hours trying to get the thing to work correctly on slightly unusual systems.
I mention Linksys again because I've learned about a number of security problems relating to Linksys cable modem routers and firewalls from Cisco Systems Inc. of San Jose, Calif. These aren't big, enterprise units, but they might be used by telecommuters and small branch offices.
Gibson Research Corp. of Laguna Hills, Calif., at www.grc.com, has a free firewall tester called ShieldsUp, which you run online to test your system's first 1,056 TCP ports. You might want to bookmark this tool as a quick reference to what each port does.
ShieldsUp reported all my ports as being 'stealthed' by Norton Internet Security from Symantec Corp. of Cupertino, Calif.
The test tool also displays the browser's Web server requests, which might display information you don't want freely disseminated. If for nothing else, the GRC site is worth checking for lots of basic security information.
For most Linksys routers, ShieldsUp will show that Port 113 is closed by default. Firewall ports can be set to one of three modes: open, closed or stealth. Stealth is by far the best choice because it keeps a system essentially hidden on the Internet.
A closed port will still answer queries and is therefore vulnerable to various attacks. An open Port 113, the so-called ident port, will give away identifying information such as user name or phone number when connected to an Internet Relay Chat server.
Even if it is set to closed, it will still reply that it exists, which can make your system a target. From a security standpoint, a locked as well as hidden door is always preferable to one that is locked but widely known.
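The three port states described above can be told apart by how a single TCP connection attempt ends. The following Python code is an added example, not part of the original column; the function names are made up for illustration, and its self-test touches only the local loopback address.

```python
import socket

# State names follow the article's three firewall modes.
OPEN, CLOSED, STEALTH = "open", "closed", "stealth"


def classify_port(host, port, timeout=1.0):
    """Make one TCP connection attempt and report how the port responded."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return OPEN      # handshake completed: a service accepted the connection
    except ConnectionRefusedError:
        return CLOSED    # a reset came back: no service, but the host answered
    except socket.timeout:
        return STEALTH   # nothing came back: the probe was silently dropped
    finally:
        sock.close()


def host_is_visible(states):
    """A host is revealed by any port that answers, whether open or closed."""
    return any(state in (OPEN, CLOSED) for state in states.values())


def loopback_demo():
    """Constructed self-test on 127.0.0.1: one listening and one refusing port."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    # Bound but never listening, so the kernel refuses connections to it.
    refuser = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    refuser.bind(("127.0.0.1", 0))
    try:
        return {
            "listening": classify_port("127.0.0.1", listener.getsockname()[1]),
            "refusing": classify_port("127.0.0.1", refuser.getsockname()[1]),
        }
    finally:
        listener.close()
        refuser.close()


if __name__ == "__main__":
    print(loopback_demo())
    # Constructed sample: port 113 closed, the other ports stealthed.
    print(host_is_visible({113: CLOSED, 80: STEALTH, 443: STEALTH}))
```

A single closed port is enough for host_is_visible to return True, which is why a router that leaves Port 113 closed rather than stealthed still announces itself.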
Many security specialists see a looming threat in the handy Windows Universal Plug and Play (UPnP) feature for firewall and router installation.
Unfortunately, once a virus or worm penetrates a system, it can use UPnP to open firewall ports from the inside. The FBI has advised users to disable UPnP.
John McCormick is a free-lance writer and computer consultant. E-mail him at firstname.lastname@example.org.