• Port 443 open

    #488808

    I just ran the ShieldsUP port scans (https://www.grc.com click Services and ShieldsUP). Everything passed just fine except that it reports port 443 is open. Here is the notice:

        The presence of this secure web port in your system implies that this system is establishing secure connections with web browsers. The number one reason for doing this is the transmission of credit card information. This implies that the successful intruder could access the web server’s credit card database and score bigtime. This is a VERY bad port to have open unless you are actually conducting secure web commerce!

    This sounds like an indication that there is a webserver on my computer that is open to the outside world. If there is, it is some Windows 7 default because I’ve never installed a webserver that I know of.
    Here is the setup that is being tested:

      - ZyXEL router model USG-20w connected to a DSL modem. Standard firewall setup as far as I can remember.
      - Two computers behind that router on our LAN. Both with Windows 7 Pro. One using Windows Firewall, one using Norton Internet Security. I have not done anything with port 443 on either of these software firewalls.
      - One computer on a wireless LAN which is in the router’s DMZ. This computer is owned by a friend who is renting a room from us. He is very security conscious and has not intentionally opened that port on his system, though I cannot say anything about what he might accidentally have done.

    So my questions would be:

      - Do I need to worry about this message?
      - If so, how do I determine where the problem lies and how do I fix it?

    Hopefully I have provided enough information to answer those questions. If something else is required, please let me know.

    Thanks!

    • #1387970

      1st thing I would do is disable the wireless LAN and rerun the test.

      That will at least narrow down where to look.

      • #1388300

        Thank you. That’s a good suggestion. Easy to do. Sorry it took so long, but I finally gave it a try. Turned off the wireless LAN, retested, same error: Port 443 open.

    • #1388301

      While I was in the router I tried turning off the built-in firewall. Wow! What a difference that made. With the hardware firewall on, all ports are stealthed except for 443. With the hardware firewall off I am relying on my software firewall. That’s Norton Internet Security for me, Windows Firewall for my wife. I have no idea if only my computer was tested or if the port test looks for a port on any computer connected to the LAN. The results were that ports 22, 23 and 443 were open and most of the others were closed, rather than stealthed.

      So that shows the value of a hardware firewall, but it still doesn’t answer the original concern. Or the original question: do I need to worry about this, given that I am not operating a web server on my PC?

      Thanks.

      • #1388316

        Your PC may not be running a web server, but the router is.

        The ZyXEL USG-20w is a serious bit of kit: much more capable than the average residential router. It has, for example, a remote dial-in capability that will be protected by SSL encryption. This is probably the source of the Port 443 response. It also has the ability to launch an SSH session or to Telnet into the box, which is why Ports 22 and 23 are responding.

        To check this, go to whatsmyip.org and make a note of your public IP address. Now, ideally from a machine outside your network (a friend or neighbour), browse to https://{your-ip}. I would expect to see a router login screen.

        Next, turn off the router. Leave the modem switched on and repeat the test above. I expect no response, even though the IP address is live because the modem holds it open.

        Is it a worry? Well, it depends on how secure the router remote access is. Make sure you have a strong password, or better still, if you don’t need them, turn off the remote access tools. Some financial institutions require all low ports to be stealthed before they will allow access to their systems. I recall a visitor to the Lounge here last year had an issue with a bank who would not grant a particular service because his system was responding on a port. That may not be an issue here, but it is worth bearing in mind.
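The router-on / router-off check described in the reply above can be scripted; this is an added example, not part of the original thread. It classifies ports 22, 23 and 443 the way ShieldsUP reports them (open, closed, stealth) and compares two runs against the same public IP; the function names and the script name are assumptions made for illustration.

```python
import socket
import sys

# Ports the thread reports as answering: SSH, Telnet and HTTPS (SSL VPN / web admin).
PORTS = (22, 23, 443)

def classify_port(host, port, timeout=3.0, connect=socket.create_connection):
    """Return 'open', 'closed', 'stealth' or 'unreachable' for one TCP port.

    open    - the TCP handshake completed, so a service is listening
    closed  - the connection was refused (the device sent a reset)
    stealth - nothing came back before the timeout (packet silently dropped)
    """
    try:
        sock = connect((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, TimeoutError):
        return "stealth"
    except OSError:
        return "unreachable"  # e.g. no route; says nothing about the port itself
    sock.close()
    return "open"

def scan(host, ports=PORTS, **kwargs):
    """Classify every port in `ports`; kwargs are passed to classify_port."""
    return {port: classify_port(host, port, **kwargs) for port in ports}

def ports_served_by_router(router_on, router_off):
    """Ports open with the router powered that stop answering once it is off.

    Both arguments are scan() results for the same public IP address.
    """
    return sorted(p for p, state in router_on.items()
                  if state == "open" and router_off.get(p) != "open")

if __name__ == "__main__":
    # Usage: python3 portcheck.py <your-public-ip>   (script name is an assumption)
    for port, state in scan(sys.argv[1]).items():
        print(f"{port}/tcp {state}")
```

Run it from a machine outside the network, once with the router on and once with only the modem powered, then pass both results to `ports_served_by_router`; any port it returns is being answered by the router itself rather than by a PC behind it.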

        • #1388394

          Yeah, the ZyXEL is a good router. Pretty complex to set up, too. Way back in the dark ages we connected our home office and business with VPNs, but they were extremely difficult to establish and work with. Small businesses do not have the budget to just throw money at a problem (is it worth eating ramen every night for two months so we can buy this new piece of equipment?). When Linksys came out with the affordable BEFVP41 routers we bought two of them and VPN life became much easier. But after quite a few years of reliable operation, ports started to fail. I tried replacing them with newer routers from D-Link or Linksys with complete and total disappointment. When Cisco bought Linksys they rebranded the lousy Linksys routers I had tried to be Cisco’s small business routers. Pah! Small businesses cannot abide unreliable equipment any more than large ones can. I shopped around and found the ZyXEL routers, which were business quality and affordable, so I bought them. Aside from the difficulty of setting them up, I have found them to be very reliable and that is a very key feature.

          We need access to the computers in our store whether we are working in our home office (sometimes 110 miles away, sometimes 1200 miles away) or while traveling, so I have the SSL VPN set up and protected with a reasonably good password. I do the same with the home office one partly because I am sometimes traveling while my wife is working at home (I’m the IT guy) and partly just so the routers are configured as identically as possible. I’m sure that must be why the port is open. Since I do use that service I guess it will remain open. I will re-visit my passwords and see if they can be improved. I do need to be able to remember them, so they can’t be ultimately safe.

          So I think you nailed it. Thank you!

          • #1388398

            I will re-visit my passwords and see if they can be improved. I do need to be able to remember them, so they can’t be ultimately safe.

            Consider using a tool such as LastPass. It’s free, unless you want access from your phone, and even then it’s cheap. Then you can use a very strong password.

    • #1388408

      Thanks, but I think I’ll pass on the password manager. I’ve been maintaining my own passwords since 1982 and have seen too many changes of technology and too many hardware failures to trust them. Plus, if I’m traveling I will not be sitting at my computer where the password manager resides. What I do is this: I use pretty good passwords with a mix of numbers and upper/lower case letters, though my older ones are just lower case. I keep them in a LockNote file with a good password on it. I keep copies of that on my PC and on a thumb drive. These copies are sync’d three times a day by a script that runs on a schedule. I have hundreds of logins and passwords and the list is constantly growing and being modified. I make a hard copy when I change operating systems in case LockNote ceases to work on the new OS. I keep it in a file with a bunch of other stuff. A crook will never find it – he’d have to look at every piece of paper in 17 file drawers. When I travel I take the thumb drive with me. That’s about as good as it’s going to get.
