7.2 Scan Your System for Open Ports

Each open network port on your computer is a potential security vulnerability. Fortunately, there's a way to scan your computer for open ports so you know which holes to patch. Start by opening a command prompt window (cmd.exe) and running the Active Connections utility by typing netstat /a /o. The Active Connections utility displays its information in these five columns:
7.2.1 Matching a PID with a Program

Netstat shows the PID of running programs that have opened ports, but not the application names. To find out more, open Task Manager (launch taskmgr.exe, or right-click an empty area of your taskbar and select Task Manager), and choose the Processes tab. If you don't see a column labelled PID, go to View → Select Columns, turn on the PID (Process Identifier) option, and click OK. Finally, turn on the Show processes from all users option at the bottom of the Windows Task Manager window. You can then sort the listing by PID by clicking the PID column header. The program filename is shown in the Image Name column.

NOTE: You may see svchost.exe listed in the Windows Task Manager, and reported by the Active Connections utility as being responsible for one or more open ports. This program is merely used to start the services listed in the Services window (services.msc).

7.2.2 Common TCP/IP Ports

When your web browser or email program connects to another computer on the Internet, it does so through a TCP/IP port. If you have a web server or FTP server running on your computer, it opens a port to which other computers can connect. Port numbers are used to distinguish one network service from another. A firewall uses ports (listed in the following table) to form its rules about which types of network traffic to allow, and which to prohibit. And the Active Connections utility, described previously, lets you see which ports are open on your system and so uncover potential vulnerabilities.

NOTE: Some firewalls make a distinction between TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) ports, which is typically unnecessary. In most cases, programs that use the more common TCP protocol will use the same port numbers as their counterparts that use the less-reliable UDP protocol.
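The manual procedure in 7.2 and 7.2.1 (read the PID from netstat /a /o, then look it up in Task Manager) can be automated by joining the netstat listing with the output of tasklist /fo csv, which lists the same PIDs alongside their Image Names. The script below is an added example, not code from the book; the netstat and tasklist text embedded in it is constructed for illustration (the header row shows the five columns netstat prints: Proto, Local Address, Foreign Address, State, PID), and the program names and PIDs in it are made up. It keeps only LISTENING TCP sockets and UDP sockets, since an ESTABLISHED outbound connection is not an open port, and it flags sockets bound to a non-loopback address as reachable from the network.

```python
"""Cross-reference `netstat /a /o` output with `tasklist /fo csv` output.

Added example; the two text samples are constructed for illustration and
are not real captures. On a live system, replace them with the saved output
of `netstat /a /o` and `tasklist /fo csv`.
"""
import csv
import io
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample of `netstat /a /o` output: the five columns netstat
# prints (Proto, Local Address, Foreign Address, State, PID); UDP rows
# carry no State value.
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:8080         0.0.0.0:0              LISTENING       5120
  TCP    192.168.1.10:49700     93.184.216.34:443      ESTABLISHED     3344
  UDP    0.0.0.0:5353           *:*                                    2200
"""

# Constructed sample of `tasklist /fo csv` output (PIDs match the rows above).
TASKLIST_SAMPLE = """\
"Image Name","PID","Session Name","Session#","Mem Usage"
"System","4","Services","0","1,234 K"
"svchost.exe","880","Services","0","10,000 K"
"svchost.exe","2200","Services","0","8,000 K"
"myserver.exe","5120","Console","1","20,000 K"
"firefox.exe","3344","Console","1","300,000 K"
"""


@dataclass
class OpenPort:
    proto: str
    local_addr: str
    port: int
    pid: int
    image: str      # program file name from tasklist, or "?" if the PID is unknown
    exposed: bool   # True unless bound to a loopback address only


def parse_tasklist_csv(text: str) -> Dict[int, str]:
    """Map each PID to its Image Name from `tasklist /fo csv` output."""
    reader = csv.DictReader(io.StringIO(text))
    return {int(row["PID"]): row["Image Name"] for row in reader}


def split_host_port(addr: str):
    """'127.0.0.1:8080' -> ('127.0.0.1', 8080); '[::]:135' -> ('[::]', 135)."""
    host, _, port = addr.rpartition(":")
    return host, int(port)


def open_ports(netstat_text: str, tasklist_text: str) -> List[OpenPort]:
    """Return the listening sockets from netstat, each joined to its program name."""
    pid_to_image = parse_tasklist_csv(tasklist_text)
    found: List[OpenPort] = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header and blank lines
        proto, local = fields[0], fields[1]
        if proto == "TCP":
            state, pid = fields[3], int(fields[4])
            if state != "LISTENING":
                continue  # an outbound/established connection is not an open port
        else:
            pid = int(fields[3])  # UDP rows have no State column
        host, port = split_host_port(local)
        loopback_only = host.startswith("127.") or host == "[::1]"
        found.append(OpenPort(proto, local, port, pid,
                              pid_to_image.get(pid, "?"), not loopback_only))
    return found


def report(ports: List[OpenPort]) -> str:
    """Human-readable table; the network-reachable rows are the ones to review."""
    lines = ["%-5s %-22s %-6s %-14s %s" % ("Proto", "Local Address", "PID", "Program", "Reach")]
    for p in ports:
        lines.append("%-5s %-22s %-6d %-14s %s" % (
            p.proto, p.local_addr, p.pid, p.image,
            "network" if p.exposed else "local only"))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(open_ports(NETSTAT_SAMPLE, TASKLIST_SAMPLE)))
```

On a real machine, run netstat /a /o > netstat.txt and tasklist /fo csv > tasklist.csv from cmd.exe and pass the file contents to open_ports(). Where a row resolves to svchost.exe, tasklist /svc shows which services each svchost.exe instance is hosting, which is the detail Task Manager's Image Name column does not give you.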