Re: why isn't the set of open ports a security problem?


From: Brian Sullivan MVP (brians_at_WORMTIREDmeetingbywire.com)
Date: 07/09/04


Date: Fri, 9 Jul 2004 08:09:59 -0400

Pete wrote:
> I use a Windows XP Pro PC from behind a router with a NAT
> firewall. Just started using NetMeeting recently. Found MS
> article 158623 about port usage and set up these open
> ports on my router. NetMeeting works fine.

What ports did you set to "open"?

>
> I'm concerned about all these open ports and whether this
> makes my PC susceptible to hackers. I ran Symantec's
> security check - it says that the PC's ports still operate
> in "stealth" mode and that it is secure.

I am not exactly sure what you have done or want to do.

Generally the way to get full operation of NetMeeting behind a router is to
set the NetMeeting machine as the dmz device. This means that the dmz
machine is exposed to all unsolicited traffic from the internet so a
software firewall on the target machine is recommended.

If you just wanted NetMeeting data function -- no forwarding of ports would
be required for outgoing calls, incoming calls would require only tcp 1503
be forwarded. In that case though there is still the potential risk of
receiving (and running) a virus-infected file, of allowing outside users to
control the machine but that would require a knowing or unknowing accomplice
to be a risk.

Unless you are running a true border firewall where ports can be "opened" or
"closed" for all machines on the network in both directions, the security
risk in "opening" ports on a soho router is that you are forwarding an
incoming port to a single machine. If that machine is compromised or if the
program listening on the forwarded port is flawed there is a security risk.

>
> Can someone explain why this is so? I would like to get
> more comfortable that leaving the ports open for easy
> NetMeeting use is not creating a security risk.

As I said before, "opening"/forwarding ports to a machine can be a risk if the
target machine is compromised or the program listening (NetMeeting) is
flawed. Since NetMeeting requires dmz function for full use there is more of
a risk since the attack surface is larger.

-- 
Brian Sullivan
Meeting by Wire ( http://www.meetingbywire.com)
------------
Is  your PC  protected? --
http://www.microsoft.com/security/protect/default.asp 
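
Added example, not part of the original post: a Python check, meant to be run on the machine that receives the forwarded ports, of which listening TCP ports unsolicited inbound traffic can reach under port forwarding versus the DMZ setting. The function names, the simplified router model, and the sample ports other than 1503 are assumptions made for illustration.

```python
import socket

def has_listener(host, port, timeout=0.5):
    """Return True if a TCP connection to host:port is accepted."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0

def exposed_services(listening, forwarded=(), dmz=False):
    """Listening ports that unsolicited inbound traffic can reach.

    Simplified model of a SOHO NAT router (an assumption of this example):
    with DMZ on, every inbound port is delivered to this machine, so every
    listener is exposed; otherwise only listeners on forwarded ports are.
    """
    listening = set(listening)
    return sorted(listening if dmz else listening & set(forwarded))

def audit(host, candidate_ports, forwarded=(), dmz=False):
    """Probe candidate_ports on host and report listeners and exposure."""
    listening = [p for p in candidate_ports if has_listener(host, p)]
    return {"listening": sorted(listening),
            "exposed": exposed_services(listening, forwarded, dmz)}

if __name__ == "__main__":
    # Constructed sample: 1503 is the NetMeeting data port from the post;
    # 135 and 445 stand in for other services a Windows PC may be running.
    sample = [135, 445, 1503]
    print("forward 1503 only:", exposed_services(sample, forwarded=[1503]))
    print("DMZ host:         ", exposed_services(sample, dmz=True))
    # Live check of this machine against the same forwarding rule.
    print(audit("127.0.0.1", sample, forwarded=[1503]))
```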

