I'll assume you know which ports are open by your config and ACLs, etc. You really need to monitor that activity. Probably the most standard way is to enable syslog and monitor the logs.
Kiwi syslog is okay too. I forget the link, but you can search on "kiwi syslog" and come up with it easily.
You should run an outside port scan, on your entire public network, every so often as well. Shadow Security Scanner is good, nmap is very popular, retina is used by law enforcement - there are dozens, and others here will have great suggestions, I am sure.
Any Access-list statement that says "allow ..." is opening a port to an address. Of course, you need to be able to translate that address to a server or other device on your network.
If there is "any" at the end, everything is open.
If you see an "EQ 80" or some other "EQ" statement - that is your port that is opened.
You may see "GR some number", which is Greater Than.
You may see "LT", which is Less Than some port number.
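
An added example, not part of the post above: a small Python audit that lists what each permit line of an ACL exposes. It assumes Cisco IOS-style extended ACL syntax (`permit`, `eq`, `gt`, `lt`, `range`); the function names are hypothetical and the sample lines are constructed, using documentation addresses.

```python
# Added example: assumes Cisco IOS-style extended ACL lines (an assumption, not from the post).
PROTOCOLS = ("ip", "tcp", "udp")   # only these protocol keywords are handled here

def _addr(tok, i):
    """Consume one address spec starting at tok[i]; return (text, next_index)."""
    if tok[i] == "any":
        return "any", i + 1
    if tok[i] == "host":
        return tok[i + 1], i + 2
    return f"{tok[i]} wildcard {tok[i + 1]}", i + 2

def _ports(tok, i):
    """Consume an optional port operator; return (description, next_index)."""
    if i >= len(tok) or tok[i] not in ("eq", "gt", "lt", "range"):
        return "all ports", i
    if tok[i] == "eq":
        return tok[i + 1], i + 2
    if tok[i] == "gt":                       # strictly greater than N
        return f"{int(tok[i + 1]) + 1}-65535", i + 2
    if tok[i] == "lt":                       # strictly less than N
        return f"0-{int(tok[i + 1]) - 1}", i + 2
    return f"{tok[i + 1]}-{tok[i + 2]}", i + 3

def open_ports(config):
    """Return (protocol, destination, ports) for every permit line."""
    found = []
    for line in config.splitlines():
        tok = line.lower().split()
        if (len(tok) < 6 or tok[0] != "access-list"
                or tok[2] != "permit" or tok[3] not in PROTOCOLS):
            continue                         # deny lines and other syntax are skipped
        _, i = _addr(tok, 4)                 # source address
        _, i = _ports(tok, i)                # optional source-port match
        dst, i = _addr(tok, i)               # destination address
        ports, _ = _ports(tok, i)            # destination-port match
        found.append((tok[3], dst, ports))
    return found

# Constructed sample ACL (203.0.113.0/24 is a documentation range).
SAMPLE = """\
access-list 101 permit tcp any host 203.0.113.10 eq 80
access-list 101 permit tcp any 203.0.113.0 0.0.0.255 gt 1023
access-list 101 permit udp any host 203.0.113.53 lt 54
access-list 101 deny   tcp any any eq 23
access-list 101 permit ip any any
"""

if __name__ == "__main__":
    for proto, dst, ports in open_ports(SAMPLE):
        print(f"{proto:4} -> {dst:32} ports {ports}")
```

Comparing this list against the results of an outside port scan shows whether the ACL exposes more than intended.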