The default configuration of your operating system includes a number of services that you probably don’t use. In this video, you’ll learn how disabling unneeded network services and user accounts can help secure your computer.
If you’re running a web server, or an email server, or a file server, or some other type of service, you’re going to need to open up ports in your computer. Normally when you start the service, it begins listening on a particular TCP or UDP port. You have to at least open that port up so that other people on the network would have a way to access that service on your computer.
The port is usually very specific to a particular service. So if you start a web server, it’s probably listening on TCP port 80 and TCP port 443. If you’re opening other types of services, they will pick other available ports to open up on your computer so that other people on the network can access that service.
The people accessing that service should be connecting to that port and only accessing service information that is specific to them. They would not necessarily have access to anything else inside of your computer. But every time you open up a port, there’s the potential for some type of problem.
Some applications are developed poorly or they might have vulnerabilities that might allow people access to things that normally they should not have access to. That’s why you should always check for updates and make sure that all of your applications are up to date. You don’t want to start a service, have that port open up in your computer, and then have somebody connect to your computer, and misuse that service to gain access to your entire system.
Here’s visually how this works. You have devices on the network that are accessing servers that have open ports. You have a source port that you’re using to be able to communicate to that device. And then these are the open ports that are always available– they are what we call well known ports, because those are the ones that are commonly associated with those types of services.
This is a web server that is not only using TCP port 80 and TCP port 443– so those are ports that are always open and always listening for users– it looks like this server is also providing DNS services– so you can see an open port over UDP, port 53 is open to provide those DNS responses. There are a number of different ways to examine what port numbers might be running on your particular system.
I grabbed the Windows machine and ran the simple netstat -a, and that gave me a list of all of the open port numbers that were listening on this particular device. You can use other netstat parameters to tell you more information about what process ID might be associated with that particular open listening port or perhaps what the name of the executable is that’s providing that open port. There are, of course, a number of third party utilities you can use to provide similar information.
This is one from NirSoft that is CurrPorts– C-U-R-R ports. And you can see that it shows you similar information: it shows you the process ID, the protocols, and the name of the port that happens to be open. By using one of these utilities, you can get additional information about what ports might be open on your device and what applications might be associated with those ports. And then you can make a decision on whether that port should stay open or whether it’s an interface that you can close off to the rest of the world.
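As an added example (not part of the original video), this Python script parses Windows `netstat -ano` output and reports listening ports that are reachable from the network but are not on a list of services the machine is meant to offer. The sample output is constructed, and the expected-services list (web on TCP 80/443, DNS on UDP 53) is an assumption taken from the server described above.

```python
# Added example: audit Windows `netstat -ano` output against expected services.
# SAMPLE is constructed output; EXPECTED is an assumed list for the web/DNS server.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1180
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING       3204
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     5120
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:53             *:*                                    2216
  UDP    [::]:5353              *:*                                    1932
"""

EXPECTED = {("TCP", 80), ("TCP", 443), ("UDP", 53)}
LOOPBACK = {"127.0.0.1", "::1"}  # reachable only from the machine itself


def parse_listeners(text):
    """Return one dict per listening TCP socket or bound UDP socket."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        proto, local = fields[0], fields[1]
        # TCP rows carry a State column; UDP rows do not.
        if proto == "TCP" and (len(fields) != 5 or fields[3] != "LISTENING"):
            continue
        if proto == "UDP" and len(fields) != 4:
            continue
        addr, _, port = local.rpartition(":")  # last colon, so IPv6 works
        listeners.append({"proto": proto, "addr": addr.strip("[]"),
                          "port": int(port), "pid": int(fields[-1])})
    return listeners


def unexpected(listeners, expected=EXPECTED):
    """Listeners exposed beyond loopback that are not on the expected list."""
    return [l for l in listeners
            if l["addr"] not in LOOPBACK and (l["proto"], l["port"]) not in expected]


if __name__ == "__main__":
    for l in unexpected(parse_listeners(SAMPLE)):
        print(f"{l['proto']}/{l['port']} on {l['addr']} pid={l['pid']}: "
              "not in expected list, review")
```

Each reported PID can then be matched to its executable to decide whether the service should be stopped, disabled, or blocked at the firewall.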
A number of network services use built-in usernames and passwords to be able to access these services. So it’s useful to know what usernames are configured in your operating systems, and which ones might or might not be in use– and it changes depending on what operating system you’re looking at. But generally, you’re looking for usernames that might be guest, or root, or mail, or something associated with a particular service.
Not all of these accounts are going to be necessary to use these services. And not all of these accounts need to be in your system if you’re not planning to run those particular services. So you should disable or remove those particular accounts if you’re not going to need them.
Another thing you might want to consider is disabling the ability of these accounts to log in interactively. This means that only a service would be using these particular account names. And no one else from the outside would be able to connect to your computer and use one of these account names to gain access to your system.