Windows XP Professional provides users with a number of applications that are specifically designed to support communications over the Internet. Examples of these applications include standard applications such as Internet Explorer and Outlook Express. Windows XP Professional provides a number of additional applications, including:
Windows Messenger. Microsoft's instant messaging application allows users to send and receive instant messages, audio, and video and to share applications with other Windows Messenger users.
NetMeeting. A Microsoft application that supports text, audio, video, and application sharing between NetMeeting users. Microsoft is discontinuing support for NetMeeting in favor of Windows Messenger.
Remote Assistance. A remote support application that allows users to solicit assistance when troubleshooting problem situations.
Remote Desktop. A remote control application that allows users to remotely connect to their computer and to work with it as if they were sitting in front of it.
Windows Media Player. A multimedia application that allows users to play audio and video provided by media content providers on the Internet.
Each of these applications performs one or more unique functions that may be affected by the presence of routers, NAT devices, and firewalls located between computers, thus preventing part or all of the application from functioning. Table 17.2 lists the ports and protocols associated with each of these applications.
Application | TCP Port | UDP Port |
---|---|---|
Remote Assistance | 3389 | – |
Remote Desktop | 3389 | – |
Windows Media Player | 1755 | 1755; Dynamic 1024 – 5000 |
NetMeeting | 389; 522; 1503; 1720; 1731 | Dynamic 1024 – 65535[*] |
Windows Messenger | 3389; 1503; 6891 – 6900 | Dynamic 5004 – 65535[*] |

[*] Dynamic ports are required to support audio and video components.
In order to provide support for these applications, computer administrators on corporate networks need to work with network administrators and engineers to determine whether these ports can be opened to permit application data to pass through the corporate firewall. Similarly, administrators of small home and office networks need to configure personal firewall applications and residential gateway devices to allow the passage of data for the designated protocols and ports.
Note: Network devices that support UPnP (Universal Plug and Play) allow for dynamic port configuration. Both ICS and ICF support UPnP, allowing all of the features of applications like Windows Messenger to automatically communicate with other computers on the Internet.
Blocking any of these ports will prevent all or part of an application from functioning. For example, if port 3389 is blocked, users will be unable to remotely connect to their desktops using Remote Desktop.
Certain applications, such as Windows Messenger, use a combination of TCP and UDP ports to establish network communications. These applications use dynamically assigned UDP ports to manage the transfer of audio and video data. The more ports that are opened on a firewall, the more points of entry there are into the corporate network, providing would-be intruders with additional avenues of attack. Therefore, the opening of wide ranges of UDP ports for dynamic application assignment is discouraged by network administrators. As a result, if dynamic ports 5004 to 65535 are blocked, Windows Messenger will be unable to exchange audio and video message traffic.
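The trade-off described above can be checked mechanically. The following Python sketch is an added example, not part of the original text: it audits a firewall allow-list against the ports in Table 17.2, reporting which applications lose all or part of their function and how many UDP ports the list exposes. The two allow-lists and all function names are constructed for illustration.

```python
# Port requirements transcribed from Table 17.2 as (protocol, low, high).
TABLE_17_2 = {
    "Remote Assistance": [("tcp", 3389, 3389)],
    "Remote Desktop": [("tcp", 3389, 3389)],
    "Windows Media Player": [("tcp", 1755, 1755), ("udp", 1755, 1755),
                             ("udp", 1024, 5000)],
    "NetMeeting": [("tcp", p, p) for p in (389, 522, 1503, 1720, 1731)]
                  + [("udp", 1024, 65535)],
    "Windows Messenger": [("tcp", 3389, 3389), ("tcp", 1503, 1503),
                          ("tcp", 6891, 6900), ("udp", 5004, 65535)],
}
# Constructed allow-lists (not from the text): fixed ports only, then the same
# list plus the wide dynamic UDP range that administrators are said to discourage.
TIGHT = [("tcp", 3389, 3389), ("tcp", 1755, 1755), ("udp", 1755, 1755),
         ("tcp", 1503, 1503), ("tcp", 6891, 6900)]
WIDE = TIGHT + [("udp", 5004, 65535)]

def uncovered(req, rules):
    """Return the sub-ranges of one requirement that no allow rule covers."""
    proto, lo, hi = req
    gaps, cursor = [], lo
    for r_lo, r_hi in sorted((a, b) for p, a, b in rules if p == proto):
        if r_hi < cursor or r_lo > hi:
            continue  # rule lies entirely before the cursor or past the range
        if r_lo > cursor:
            gaps.append((cursor, r_lo - 1))
        cursor = r_hi + 1
    if cursor <= hi:
        gaps.append((cursor, hi))
    return gaps

def audit(rules):
    """Map each application to (status, gaps): works, partial or blocked."""
    report = {}
    for app, reqs in TABLE_17_2.items():
        gaps = [(r[0], g) for r in reqs for g in uncovered(r, rules)]
        any_open = any(uncovered(r, rules) != [(r[1], r[2])] for r in reqs)
        status = "works" if not gaps else "partial" if any_open else "blocked"
        report[app] = (status, gaps)
    return report

def exposure(rules, proto):
    """Count the distinct ports of one protocol that the allow rules open."""
    closed = sum(b - a + 1 for a, b in uncovered((proto, 1, 65535), rules))
    return 65535 - closed

if __name__ == "__main__":
    for name, rules in (("tight", TIGHT), ("wide", WIDE)):
        print(name, exposure(rules, "udp"), {a: s for a, (s, _) in audit(rules).items()})
```

With the tight list, Windows Messenger is reported as partial because its dynamic UDP range is closed; the wide list restores it at the cost of tens of thousands of open UDP ports.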
Note: Other means of administering access to Internet applications include installing and uninstalling them, as well as using Group Policy to control their functionality and availability. For more information on the use of Group Policy, refer to "Group Policy" in Chapter 9, "Security Administration."