3

I've noticed a number of Windows services required for network connectivity maintain open ports.

What can be done to ensure Service functionality without allowing the always-open ports to act as a network liability (i.e. hacking vulnerability)?

As an example: RPC (Remote Procedure Call) maintains multiple instances of open ports.

Also, could someone provide a link that would let me 'prune' all services that are constantly 'listening' to the network yet that don't ever, or very rarely, provide functionality to the OS on a network level?

schroeder
  • 123,438
  • 55
  • 284
  • 319
Thelps
  • 31
  • 4
  • The real answer here is a firewall. The OS is designed to allow services to open the ports they need in order to function. Your control over that is a firewall. – schroeder Dec 24 '16 at 09:23

1 Answers1

2

Use a firewall, either inbuilt or purchase a physical one. Really not much explanation needed - also consider using its packet filtering capabilities to ensure that only legitimate data is being passed through.

thel3l
  • 3,384
  • 11
  • 24
  • I use a firewall but blocking ports needed for Network Connectivity results in no internet whatsoever. Could you provide a link that expounds on 'packet filtering'? – Thelps Dec 23 '16 at 16:36
  • When you block a port, you prevent the application from interacting with the network - not what you want. Try this link, check the second type of firewalls (packet-filtering firewalls): https://supportforums.cisco.com/document/6026/firewall-and-types – thel3l Dec 23 '16 at 16:38
  • My network precludes a Hardware Firewall. Could you suggest a Software Firewall that has functionality within all the described firewall types of that article? Windows Firewall is useful but the UI is often counter-intuitive and makes certain functions very difficult to achieve. – Thelps Dec 23 '16 at 16:57
  • Take a look at Sucuri's solutions, Comodo's solutions etc. All are excellent alternatives that you should consider/ – thel3l Dec 23 '16 at 17:08
  • Not to be obtuse but tried Comodo, the AV/Firewall combo doesn't embed sufficiently deeply in Windows, for whatever reason. It may be because my install of Windows is already compromised. The Firewall/AV doesn't load at startup but rather AFTER startup making the AV/Firewall vulnerable to rootkits. I didn't know about 'Sucuri'. I'll look into it. – Thelps Dec 23 '16 at 17:55
  • Any solutions from alternative sources would be useful. – Thelps Dec 23 '16 at 18:14