Visit an Interesting Website
Security of TCP Ports and Microsoft Port Configuration
Gibson Research Corporation is involved in computer security. Their web site offers both a diagnostic remote testing service against your machine, and cogent explanatory information. Please visit the site. There, as described further below:
1) allow it to test your Windows machine's security if you are so inclined (this is a personal decision; personally, I trust this site). Otherwise, run the test from a Windows machine in the computer lab. Turn in the two test result printouts specified below (write your name on them please).
2) read the explanation of Microsoft's concept of "binding" protocols to interfaces.
3) optionally, if the above tests uncovered security weaknesses in your machine, fix them.
1) - From any internet-connected Windows machine please go to http://grc.com/default.htm. Scroll down to find the link entitled "Shields Up!" and click it. It leads to the "Shields Up!" page that offers to remotely perform several tests against your system. The two tests of interest here, found in the blue "Shields-up!! Services" box, are File Sharing and Common Ports.
The "File Sharing" test tries to make the connections that are frequently possible on Windows systems (because of the server software they run on certain TCP ports by default). To make things really interesting, you can run Ethereal on your external interface if you want to watch what the Shields Up! test is trying to do to you. You'll see NetBIOS name queries coming in over UDP port 137 (the NetBIOS name service port), and TCP SYN packets (the first step of the famous SYN, SYN/ACK, ACK 3-way handshake) seeking to start a conversation with you on TCP port 139 (the NetBIOS session service port). It is through such conversations that resource sharing (letting the other guy see your shared drives in his Windows Explorer or Network Neighborhood) occurs. After the "File Sharing" test is complete, print out the results page from your browser.
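If you captured the test as described above, the probes can be picked out mechanically. The script below is an added example, not part of the original page: it runs awk over constructed tcpdump-style summary lines (the address 192.0.2.10 as "your" machine and the capture text are assumptions) and counts, per outside source, the UDP 137 name queries and the bare SYNs aimed at TCP 139.

```shell
# Added example (not from the original page): count inbound NetBIOS probes
# of the kind the Shields Up! File Sharing test sends. MY_IP and the sample
# capture lines below are constructed assumptions, not real captured data.
MY_IP="192.0.2.10"

# Constructed sample capture: two name-service queries and two SYNs to 139
# from one outside host, plus unrelated traffic that must be ignored
# (an outbound SYN, a probe of port 80, and a SYN/ACK rather than a SYN).
SAMPLE_CAPTURE='IP 203.0.113.5.1030 > 192.0.2.10.137: NBT UDP PACKET(137): QUERY; REQUEST
IP 203.0.113.5.1030 > 192.0.2.10.137: NBT UDP PACKET(137): QUERY; REQUEST
IP 203.0.113.5.1031 > 192.0.2.10.139: Flags [S], seq 1, win 8192
IP 203.0.113.5.1032 > 192.0.2.10.139: Flags [S], seq 2, win 8192
IP 192.0.2.10.1032 > 203.0.113.5.139: Flags [S], seq 3, win 8192
IP 203.0.113.5.1033 > 192.0.2.10.80: Flags [S], seq 4, win 8192
IP 198.51.100.7.2000 > 192.0.2.10.139: Flags [S.], seq 5, ack 1'

# netbios_probes: read summary lines on stdin and print, for each outside
# source, how many UDP 137 name queries and how many TCP 139 SYNs it sent us.
netbios_probes() {
  awk -v me="$MY_IP" '
    $1 == "IP" && $3 == ">" {
      src = $2; dst = $4; sub(/:$/, "", dst)
      split(src, s, "."); sip = s[1] "." s[2] "." s[3] "." s[4]
      split(dst, d, "."); dip = d[1] "." d[2] "." d[3] "." d[4]; dport = d[5]
      if (dip != me || sip == me) next                     # inbound from outside only
      if (dport == "137" && $0 ~ /NBT UDP/) q[sip]++       # name service query
      if (dport == "139" && $0 ~ /Flags \[S\]/) syn[sip]++ # bare SYN, not SYN/ACK
    }
    END {
      for (h in q) seen[h]; for (h in syn) seen[h]
      for (h in seen) printf "%s udp137=%d tcp139syn=%d\n", h, q[h]+0, syn[h]+0
    }'
}

printf '%s\n' "$SAMPLE_CAPTURE" | netbios_probes
```

Feed it real tcpdump output (`tcpdump -n -i <external interface>`) instead of the constructed sample to see who is knocking on your NetBIOS ports.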
Here is my "File Sharing" test results page.
The Common Ports test attempts to connect to a selection of TCP service ports that are commonly used. The main ones are:
| Port | Service |
|------|---------|
| 21 | ftp |
| 23 | telnet |
| 25 | smtp |
| 79 | finger |
| 80 | http |
| 110 | pop3 |
| 113 | ident |
| 139 | netbios over tcp |
| 143 | imap |
| 443 | https |
Try it. See how well you have chosen (or not!) to configure your machine. After the "Common Ports" test is complete, print out the results page from your browser.
Here is my "Common Ports" test results page.
2) - From the "Shields Up!" page, click on the "Network Bondage" link. Scroll down to the 3-layer diagram depicting the "Network Services Layer," "The Transport Protocol Layer," and "The Hardware Adapter Layer." Then read the elaboration on these concepts, specific to one of the operating systems Windows 95/98 or Windows NT, by clicking the corresponding button at the bottom of the page.
3) If the above Shields Up! test revealed that your port 139 is open to the world, you may wish to do something about it.
One remedy is to forbid the software that shares files from using the TCP/IP protocol at all on the interface by which you connect to the internet. That software is what Microsoft calls the File and Printer Sharing "network component." We would call it a "service," because File and Printer Sharing can run over TCP/IP (though it can also run over other protocols instead), and when it uses TCP it does so by listening on port 139, in just the same manner as any service listens on a port in the TCP world.
You can tell File and Printer Sharing which protocols it can and can't use. Moreover, you can do so independently for each of your interfaces. Microsoft calls the ability of this service to use a given protocol a "binding" between the service and the protocol, and Microsoft calls interfaces "adapters." So in Microsoft terms, you want to uncheck (cut off) any binding between the File and Printer Sharing network component and the TCP/IP protocol on the particular adapter by which you connect to the internet. Since, among the protocols the service could use, TCP/IP is the only one by which the internet can be navigated, cutting off the service's use of TCP/IP on the internet-connected adapter cuts it off from everybody out there. Or, inversely, it cuts them off from it and thus from your shared files and printers. See Helmig's explanatory instructions for how to go about the dissociation.
Another remedy, while still allowing "File and Printer Sharing" to use TCP/IP, is to block arriving packets whose destination port is 139. That's the job of firewall software. A firewall can also block any ports other than 139 that Probe my Ports may have revealed open on your computer. Helmig points out a couple of Windows firewall options, namely Windows XP's built-in firewall and a freeware offering. A Linux gateway running as your "front" to the internet is also suitable if you have a home network. Set it to perform IP masquerading/NAT (itself intrinsically secure, since unsolicited inbound connections have no inside host to be delivered to), and use iptables to write a firewall, or else download a pre-scripted one (one man's recommendations). The software is all free; you can augment it later (e.g., intrusion detection, logging, email alerts) as your needs and abilities evolve; the hardware can be cast-off and low-powered, because firewalling and masquerading are computationally extremely lightweight; and the education is thorough. Like other worthwhile educational enterprises, it is also a project.