I'm currently working on tightening up our server security based on recommendations from a security firm. We've discovered that several of our Windows Servers have their firewalls completely disabled, and our top priority now is to enable them. I ran some queries and noticed that many ports are set to 'listen', 'established', 'bound', and 'timewait'. I feel overwhelmed with the thought of tracking every port and its potential uses across our servers. Is there a better approach than just writing scripts to allow access for all possibly needed ports? Ideally, I wish we could only open what's necessary for each server at implementation, but I can't turn back time. What do you recommend as the best course of action here? It's feeling like a huge project and I could use some guidance.
3 Answers
Considering scream tests aren't allowed, I'd recommend using 'netstat -aon' alongside Wireshark. Those tools can provide good insights without causing any disruptions. And about those rules against scream tests? Just let your team know they could use a bit of fun; they should send you home so you can contemplate how boring those rules are!
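Added example, not code from this answer: a PowerShell stand-in for `netstat -aon` that joins every listening TCP socket and UDP endpoint to its owning process and Windows service, so the same inventory can be pulled from each server and compared centrally. It assumes Windows Server 2012 R2 or later (the NetTCPIP module) and an elevated session; the CSV path is an assumption.

```powershell
# Added example, not from the original answer. Assumes Windows Server 2012 R2+
# and an elevated session. Loopback-only listeners are skipped by default: they
# cannot be reached from the network, so they need no firewall rule.
function Get-ListeningInventory {
    param([switch]$IncludeLoopback)

    # PID -> process name and PID -> service names, so svchost.exe rows mean something.
    $procByPid = @{}
    Get-Process | ForEach-Object { $procByPid[$_.Id] = $_.ProcessName }
    $svcByPid = @{}
    Get-CimInstance Win32_Service | Where-Object { $_.ProcessId -gt 0 } | ForEach-Object {
        $svcByPid[[int]$_.ProcessId] += @($_.Name)
    }

    $loopback = '127.0.0.1', '::1'
    $tcp = Get-NetTCPConnection -State Listen | ForEach-Object {
        [pscustomobject]@{ Protocol = 'TCP'; LocalAddress = $_.LocalAddress; LocalPort = $_.LocalPort; Owner = $_.OwningProcess }
    }
    $udp = Get-NetUDPEndpoint | ForEach-Object {
        [pscustomobject]@{ Protocol = 'UDP'; LocalAddress = $_.LocalAddress; LocalPort = $_.LocalPort; Owner = $_.OwningProcess }
    }

    @($tcp) + @($udp) |
        Where-Object { $IncludeLoopback -or $_.LocalAddress -notin $loopback } |
        ForEach-Object {
            $owner = [int]$_.Owner
            [pscustomobject]@{
                Computer     = $env:COMPUTERNAME
                Protocol     = $_.Protocol
                LocalAddress = $_.LocalAddress
                LocalPort    = $_.LocalPort
                PID          = $owner
                Process      = $procByPid[$owner]
                Services     = ($svcByPid[$owner] -join ',')
            }
        } |
        Sort-Object Protocol, LocalPort, LocalAddress
}

# Usage: one CSV per server (assumed path), collected centrally for comparison.
Get-ListeningInventory | Export-Csv -NoTypeInformation -Path "$env:TEMP\listening-$env:COMPUTERNAME.csv"
Get-ListeningInventory | Format-Table -AutoSize
```

The Services column is what makes the list actionable: a `svchost.exe` on TCP 135 or 49152+ is RPC/DCOM, while one on 5985 is WinRM, and those get very different firewall scopes. Run it again after the firewall is on to confirm nothing new started listening.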
It sounds like you know what your servers are meant for, so that's a good start. Instead of trying to manage every single port, focus on logging inbound traffic. It’s more effective to see what’s actually being used rather than just worrying about open ports. This way, you'll get a clearer picture of what needs to stay open and what can be shut down. Yeah, it takes time, but it simplifies the overall process.
That makes sense! How would you recommend logging that traffic specifically?
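Added example, not code from this answer or its commenter: one way to do the logging described above is Windows Firewall's own packet log. Turn the firewall on with inbound default Allow for the observation window (nothing changes for users yet), log allowed and blocked packets, then summarise the log by inbound destination port and source. The parser reads column names from the `#Fields:` header, so it follows whatever field order your Windows version writes. Assumes Windows Server 2012 R2 or later and an elevated session; the log lines in the script are constructed sample data.

```powershell
# Added example, not from the original answer. Assumes Windows Server 2012 R2+
# and an elevated session; the log path is the firewall's default.
function Enable-FirewallUsageLogging {
    param([string]$LogPath = '%systemroot%\System32\LogFiles\Firewall\pfirewall.log')
    # Firewall on, inbound default Allow for now, every allowed and dropped packet logged.
    Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True `
        -DefaultInboundAction Allow -LogAllowed True -LogBlocked True `
        -LogFileName $LogPath -LogMaxSizeKilobytes 32767
}

function Get-InboundUsage {
    param([Parameter(Mandatory)][string[]]$LogLines)
    $fields = $null
    $usage  = @{}
    foreach ($line in $LogLines) {
        if ($line -like '#Fields:*') {
            $fields = ($line -replace '^#Fields:\s*', '') -split '\s+'
            continue
        }
        if (-not $fields -or $line -like '#*' -or [string]::IsNullOrWhiteSpace($line)) { continue }
        $cols = $line -split '\s+'
        $rec  = @{}
        for ($i = 0; $i -lt [Math]::Min($fields.Count, $cols.Count); $i++) { $rec[$fields[$i]] = $cols[$i] }
        if ($rec['path'] -ne 'RECEIVE') { continue }                                   # inbound only
        if ($rec['protocol'] -eq 'TCP' -and $rec['tcpflags'] -ne 'S') { continue }     # count TCP handshakes, not every packet
        $key = '{0} {1} {2}' -f $rec['action'], $rec['protocol'], $rec['dst-port']
        if (-not $usage.ContainsKey($key)) { $usage[$key] = @{ Hits = 0; Sources = @{} } }
        $usage[$key].Hits += 1
        $usage[$key].Sources[$rec['src-ip']] = $true
    }
    foreach ($key in $usage.Keys) {
        $action, $proto, $port = $key -split ' '
        [pscustomobject]@{
            Action          = $action
            Protocol        = $proto
            DstPort         = [int]$port
            Connections     = $usage[$key].Hits
            DistinctSources = $usage[$key].Sources.Count
            Sources         = (($usage[$key].Sources.Keys | Sort-Object) -join ',')
        }
    }
}

# Constructed sample in pfirewall.log format (not a real capture).
$sample = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2024-05-01 09:00:01 ALLOW TCP 10.0.1.20 10.0.1.5 52011 443 52 S 3114923561 0 65535 - - - RECEIVE
2024-05-01 09:00:01 ALLOW TCP 10.0.1.20 10.0.1.5 52011 443 40 A 3114923562 88120 65535 - - - RECEIVE
2024-05-01 09:00:07 ALLOW TCP 10.0.1.21 10.0.1.5 49712 443 52 S 1203302201 0 65535 - - - RECEIVE
2024-05-01 09:01:15 ALLOW TCP 10.0.100.8 10.0.1.5 50102 3389 52 S 772019543 0 64240 - - - RECEIVE
2024-05-01 09:02:40 ALLOW UDP 10.0.1.9 10.0.1.5 137 137 78 - - - - - - - RECEIVE
2024-05-01 09:03:02 ALLOW TCP 10.0.1.5 10.0.2.7 61000 1433 52 S 99001122 0 64240 - - - SEND
2024-05-01 09:04:11 DROP TCP 172.16.4.4 10.0.1.5 40110 445 52 S 5500112 0 29200 - - - RECEIVE
'@ -split "`r?`n"

Get-InboundUsage -LogLines $sample | Sort-Object Action, Protocol, DstPort | Format-Table -AutoSize
# Real use, after a week or two of observation:
# Get-InboundUsage -LogLines (Get-Content "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log")
```

In the sample, 443 shows two connections from two sources (the ACK line is not double-counted), 3389 shows one source from the management range, 137/UDP shows a NetBIOS broadcast you probably do not want to allow, and the outbound SQL connection is ignored. The Sources column is the part worth reading: a port used by one subnet gets a rule scoped to that subnet, not an "allow from any".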
Here's a straightforward plan:
1. Start by blocking everything except what you think is essential for the server's function.
2. Monitor for any issues—wait for tickets or complaints from users.
3. Open any necessary ports as they come up.
It might sound simple, but sometimes keeping it basic is the best way to go!
I appreciate the advice! Just to clarify, I’ve been told that scream testing isn't permitted for this project.

Haha, they know it's not the most exciting approach. I remind them about that often! 🙂
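Added example, not code from this answer: the "block everything except essentials" step as an ordered, idempotent script. The order matters: the management allow rules are created first, scoped to the admin subnet, so the RDP or WinRM session you are working in survives the switch of the inbound default action to Block. The management subnet, the rule group name and the role ports (`443/TCP` for a web server) are assumptions; substitute your own. Assumes Windows Server 2012 R2 or later and an elevated session.

```powershell
# Added example, not from the original answer. Assumes Windows Server 2012 R2+
# and an elevated session. Subnet, group name and role ports are placeholders.
$ManagementSubnet = '10.0.100.0/24'     # assumed: where your admins RDP/WinRM from
$RuleGroup        = 'Baseline hardening' # assumed group name, so the rules are easy to find and remove

function Add-BaselineAllowRule {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][ValidateSet('TCP', 'UDP')][string]$Protocol,
        [Parameter(Mandatory)][string[]]$LocalPort,
        [string[]]$RemoteAddress = 'Any'
    )
    # Idempotent: re-running the script must not stack duplicate rules.
    if (Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue) { return }
    New-NetFirewallRule -DisplayName $Name -Group $RuleGroup -Direction Inbound -Action Allow `
        -Protocol $Protocol -LocalPort $LocalPort -RemoteAddress $RemoteAddress -Enabled True | Out-Null
}

function Invoke-BaselineLockdown {
    param(
        [Parameter(Mandatory)][string]$ManagementSubnet,
        # Role ports the server exists to serve, e.g. @{ TCP = 443 } for a web server.
        [hashtable]$RolePorts = @{}
    )
    # 1. Management access first, scoped to the admin network, so step 3 cannot lock you out.
    Add-BaselineAllowRule -Name 'Baseline: RDP from management'   -Protocol TCP -LocalPort 3389       -RemoteAddress $ManagementSubnet
    Add-BaselineAllowRule -Name 'Baseline: WinRM from management' -Protocol TCP -LocalPort 5985, 5986 -RemoteAddress $ManagementSubnet
    # 2. The server's actual role, open to everyone.
    foreach ($proto in $RolePorts.Keys) {
        Add-BaselineAllowRule -Name "Baseline: role $proto $($RolePorts[$proto] -join ',')" `
            -Protocol $proto -LocalPort $RolePorts[$proto]
    }
    # 3. Everything else inbound is dropped and logged; the log line is the evidence behind the ticket.
    Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True `
        -DefaultInboundAction Block -DefaultOutboundAction Allow -LogBlocked True
}

function Get-EffectiveInboundAllows {
    # Everything still allowed inbound, including Windows' own pre-enabled rules:
    # the default action only applies to traffic no enabled rule matches.
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True | ForEach-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        $af = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Name          = $_.DisplayName
            Group         = $_.DisplayGroup
            Protocol      = $pf.Protocol
            LocalPort     = ($pf.LocalPort -join ',')
            RemoteAddress = ($af.RemoteAddress -join ',')
            Profile       = $_.Profile
        }
    }
}

Invoke-BaselineLockdown -ManagementSubnet $ManagementSubnet -RolePorts @{ TCP = 443 }
Get-EffectiveInboundAllows | Sort-Object Protocol, LocalPort | Format-Table -AutoSize
```

Read the last table before you walk away: Windows ships with enabled inbound rules (Core Networking, and on some roles File and Printer Sharing or Remote Administration) that the default Block does not touch, so "block everything" only means what that list says it means. When a ticket does arrive, add one `Add-BaselineAllowRule` line with the narrowest `-RemoteAddress` the log supports rather than reopening the port to Any; `Set-NetFirewallProfile` also takes `-WhatIf` if you want to rehearse step 3 first.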