How to manage network ports to make the system more secure

By default, Windows opens many service ports on our computers. Hackers often use these ports for intrusion. Therefore, understanding port knowledge will help us improve internet security.

First, let's take a look at what is a Port:

In network technology, a Port has two meanings: one is a physical Port, for example, ADSL Modem, Hub, switch, router and interfaces used to connect to other network devices, such as RJ-45 port, SC port and so on. The second is the logical port, which generally refers to the port in the TCP/IP protocol. The port number ranges from 0 to 65535, for example, port 80 used to browse Web Services, port 21 for the FTP service. Here we will introduce the logical port.

Depending on the service type, there are two types of ports: TCP port and UDP port. When computers communicate with each other, there are two methods: one is to confirm whether the information arrives after sending the information, that is, there is a response, most of which adopt the TCP protocol; one way is to ignore the message after it is sent, rather than confirming whether the information has arrived. Most of these methods use UDP protocol. Corresponding to the ports provided by the services of these two protocols, they are also divided into TCP port and UDP port.

Let's take a look at what the port is:

For example, two computers now use TCP/IP for communication. When you browse Internet Explorer, you still use MSN to upload files. The two computers each have an IP address, so they can communicate with each other. This is like saying that computer A said, "transfer this package to computer B. The IP address is ****." The package is passed.

If a computer has only one program at the same time and a service is transmitting data, it is easy to directly transfer data. However, in the above example, if two computers are transmitting data simultaneously-both browsing the webpage and uploading files on MSN. This problem comes-computer A said: "transfer this package to computer B. The IP address is ......". Then computer B received the packet happily. What about the browser data? Or what about MSN data? I cannot tell it clearly. In this case, the port number must be considered.

We know that a host with an IP address can provide many services, such as Web services, FTP services, and SMTP services. These services can be implemented by one IP address. So how does a host distinguish between different network services? Obviously, we cannot only rely on IP addresses. In fact, we use a combination of IP addresses and ports to differentiate different network services. Port is just an abstract concept. For example, if you receive a packet that says "send to port 80", you have to check who uses port 80? I think it is for the HTTP server. Well, give this package to it.

 

I. Common ports and their classification

 

By port number can be divided into three categories

 

(1) WellKnownPorts: from 0 to 1023, they are closely bound to some services. Usually the communication between these ports clearly indicates a service protocol. For example, port 80 is always HTTP Communication.

(2) Registration port (RegisteredPorts): from 1024 to 49151. They are loosely bound to some services. That is to say, many services are bound to these ports, which are also used for many other purposes. For example, many systems process dynamic ports starting from around 1024.

(3) dynamic and/or private ports (Dynamicand/orPrivatePorts): From 49152 to 65535. Theoretically, these ports should not be allocated to the service. In fact, machines usually allocate dynamic ports from 1024. But there are also exceptions: SUN's RPC port starts from 32768.

 

 

 

Ii. How to check which ports are enabled on the local machine

 

Windows provides the netstat command to display the current TCP/IP network connection. Note: The netstat command can be used only when the TCP/IP protocol is installed.

 

Operation Method: Click Start → program → attachment → command prompt. In the Command Prompt window, enter the command netstat-na and press Enter. The local connection status and opened port are displayed ,. A string of numbers under the local address represents the local IP address and the opened port number. A string of numbers under the external address represents the remote computer ip address and the opened port number. In the figure, LISTENING is the LISTENING status, port 135 listening is being enabled on the local machine, waiting for remote computer connection.

 

If you enter the netstat-nab command in the Command Prompt window, it also displays the programs that create each connection. If you find that the machine has opened a Suspicious Port, you can use this command to check which components it has called, and then check the creation time and modification time of each component. if an exception is found, it may be a Trojan.

 

3. How to protect your own ports

 

By default, many Windows ports are open. Once you access the Internet, hackers can connect to your computer through these ports, so you should close these ports. Mainly include: ports TCP139, 445, 593, 1025, and UDP123, 137, 138, 445, 1900, and 2513, and some popular Backdoor Ports (such as TCP 2745, 3127, 6129, and ), and remote service access port 3389, we can close the port not used by the local machine through the following method:

 

Operation Method:

 

(1) ClickStart, Enter in the search boxAdvanced SecurityWindowsFirewallAnd then clickInbound rules, Showing:

 

 

(2) Select the port and click Next.

 

 

(3) write the port number you want to disable in a specific local port, separate them with commas, and then proceed.

 

(4) Select block connection and click Next.

 

 

(5) you can write the name and description at will, and click Finish to block the port.

I usually perform this operation after obtaining the host permission, in case other friends share it with me.