On a brand new install of Windows 2008 Core (for use as a Hyper-V host) there are 4 ports open to the world:
135/tcp open msrpc
445/tcp open microsoft-ds
2179/tcp open unknown
49154/tcp open unknown
I tried blocking one of them with the command netsh firewall delete portopening protocol=TCP port=135
But nmap -PN still shows it as open! I am a lot more experienced with Linux, so I am not sure if these ports are a security risk or not, but I would rather close them to the world.
How can these ports be blocked using netsh advfirewall firewall?
To expand on this further, what are the most locked-down firewall rules that can be put in place to allow remote management using Server Manager and Hyper-V Manager from a single trusted IP address? To put it another way, I want to manage these new servers from a single remote machine, and allow no access to anyone who is not using that IP.
Pull the network cable out. I'm sure the RPC service is much more secure than it used to be, but having ports 135 and 445 open to the world would make anyone who had to deal with the Blaster and Sasser worms more than a little nervous.
Set the firewall to block everything inbound.
Only allow the traffic you want, from the IP addresses you want it from.
Better yet, put a hardware firewall in between that server and the Internet.
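The "block everything inbound, allow only your own IP" advice above, written out as netsh advfirewall commands. This is an added example, not part of the original question or answer. It assumes a single trusted management host at 203.0.113.10 (an RFC 5737 documentation address; substitute your own), the default Server 2008 dynamic RPC range (49152-65535, which is where the 49154 listener comes from), and that it is run from the server's local console or another out-of-band path, since disabling the existing inbound rules will cut off any remote session that depended on them. Port 2179 is the Hyper-V VMConnect listener used by Hyper-V Manager.

```batch
@echo off
rem Added example (not from the original post): restrict inbound traffic on a
rem Server 2008 Core Hyper-V host to one trusted management address.
rem ADMIN_IP is an assumption; replace it with the real management host.
rem A CIDR such as 203.0.113.0/28 or a comma-separated list is also accepted.
set ADMIN_IP=203.0.113.10

rem 0. Keep a copy of the current policy so the change can be rolled back
rem    with: netsh advfirewall import "C:\fw-backup.wfw"
netsh advfirewall export "C:\fw-backup.wfw"

rem 1. Firewall on for every profile; default inbound = block, outbound = allow.
netsh advfirewall set allprofiles state on
netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound

rem 2. Switch off every inbound allow rule the installer created. The rules
rem    stay on disk (disabled), so nothing is reachable from arbitrary hosts
rem    but the built-in groups can be re-enabled later if needed.
netsh advfirewall firewall set rule name=all dir=in new enable=no

rem 3. Re-allow only what Server Manager and Hyper-V Manager need, scoped to
rem    ADMIN_IP. "RPC-EPMap" is the endpoint mapper (TCP 135); "RPC" is the
rem    dynamic RPC range, which is what shows up as 49154 in the nmap scan.
netsh advfirewall firewall add rule name="Mgmt: RPC endpoint mapper" dir=in action=allow protocol=TCP localport=RPC-EPMap remoteip=%ADMIN_IP%
netsh advfirewall firewall add rule name="Mgmt: RPC dynamic ports" dir=in action=allow protocol=TCP localport=RPC remoteip=%ADMIN_IP%
netsh advfirewall firewall add rule name="Mgmt: SMB" dir=in action=allow protocol=TCP localport=445 remoteip=%ADMIN_IP%
netsh advfirewall firewall add rule name="Mgmt: Hyper-V VMConnect" dir=in action=allow protocol=TCP localport=2179 remoteip=%ADMIN_IP%

rem Optional: RDP to the console session, as suggested in the other answer.
netsh advfirewall firewall add rule name="Mgmt: RDP" dir=in action=allow protocol=TCP localport=3389 remoteip=%ADMIN_IP%

rem 4. Verify: default policy per profile, then which inbound rules are enabled.
netsh advfirewall show allprofiles
netsh advfirewall firewall show rule name=all dir=in | findstr /i "Rule Name Enabled RemoteIP"
```

Re-run the nmap scan from a host other than ADMIN_IP afterwards; all four ports should now report filtered rather than open, while the same scan from ADMIN_IP still shows them. Note that the legacy `netsh firewall` context used in the question is deprecated on Server 2008 and does not remove the advfirewall rules that actually allow the traffic, which is why deleting the port opening there had no visible effect.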
Instead of using the tools remotely, consider using them locally from the server, and access the server via RDP. It only needs a single port (3389) open and will let you remotely manage the VMs the same as you would locally on your box. I find the performance almost the same and for the most part unnoticeable (assuming your internet connection isn't dial-up, in which case remote management would suck too).