Securing Your Server: Finding Active Network Ports
August 2nd, 2011
A critical part of securing a server is closing ports that are not in use, or that correspond with services that are not necessary for your normal server operations.
To see a list of ports that are actively listening on your server, open an SSH session and use netstat :
netstat -plan
You may see output similar to the following:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 59289/exim
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 9596/pure-ftpd (SER
tcp 0 0 173.205.126.10:53 0.0.0.0:* LISTEN 52371/named
…
…
From the truncated sample output above, you can see that Exim, Pure-FTP, and Named are listening on ports 465, 21, and 53, respectively. The actual output will be a lot longer, and will reflect all services that are actively listening on TCP or UDP ports.
The next step is to disable any services that you don’t need running. For example, if you see that Named is running but your server is not acting as a nameserver, there’s no need for that service to be active. You can disable most common services in WHM > Service Manager.
Now, especially if you have just installed a new firewall, you should do an external Nmap test to verify that all ports that should be closed actually are. The easiest way to run an Nmap test is by going to http://hackertarget.com/nmap-scan/ and launch a free nmap test:
The test results will be emailed to you within moments, showing you what ports were detected as being open.
If you have a firewall on your server (which hopefully you do), the next step is to check the list of TCP and UDP ports that are allowed and compare them with what services are running. Go through the list of open TCP and UDP ports in your firewall’s allow list and compare it with the new output of netstat. Any ports that are open that do not correspond with running services (or services that should be publicly accessible) should be closed.
Remember – having more avenues to your server makes it easier for hackers to find a way in. Detecting and closing unnecessary ports is a very simple way to help harden your server.
Related Posts
- 30,000 Infected WordPress Blogs Are Distributing Rogue Antivirus Software
- 4 Ways to Secure SSH Communications on a cPanel Server
- 3 Common Security Mistakes that Webmasters Make
- Basic Tips to Keep Your Website Secure
- Switching From FTP To SFTP
- Linux Tutorial: Generating Random User Passwords
- Linux Security: Giving Users Escalated Privileges
- Lock Down: Security Best Practices for Hosting Resellers
Posted in Articles | No Comments
How to Compile and Install PHP From Source September 6, 2011
How To Install WordPress 3, Beyond The Manual December 5, 2011
Rackspace Banking on OpenStack May 11, 2012
3 Common Misconceptions About Joomla May 9, 2012
Introduction to Microsoft Exchange Hosting May 7, 2012
- How To Query a MS Access Database Using ASP
Kalyani: Hello, Actually i want the coding to save by details in access database using ASP tell me... - HostGator vs GoDaddy Website Hosting Comparison
fysisoft: I was also comparing both, and it really helped to choose hostgator than godaddy… - How To Install IIS 7, PHP5 and MySQL 5.1 on Windows Server 2008 – Part 2
Guy Merritt: There’s an error in the above – the lines... - How To Install IIS 7, PHP5 and MySQL 5.1 on Windows Server 2008 – Part 2
Guy Merritt: You need to change the name of one of those files to... - How To Install IIS 7, PHP5 and MySQL 5.1 on Windows Server 2008 – Part 2
Joao T: My php have the ini file as php.ini-production...
Latest Web Hosting Deals
- InMotion Hosting VPS Limited Time Offer - Get 50% Off First Month
- IX WebHosting Special Promo - Expert Hosting Plan Only $3.95
- IX Webhosting Promo Code - 25% Off Web Hosting
- IX Webhosting Coupon Code - Get 20% Off Hosting Packages
- IX Web Hosting Special Promo - Unlimited Pro Plan $7.95/mo.
- IX WebHosting Special Promo - Business Plan Only $7.95
- DiscountASP Promo Code - Get 6 Months Free!
Hosting Reviews
 |  |  |
0 responses so far ↓
There are no comments yet...Kick things off by filling out the form below.
Leave a Comment