Disabling Ports 135 and 445 to protect the Road Warrior
1. Windows Firewall Page 1
Security Instructions to close down unused laptop ports
Written by: Dave Sweigert, CISSP, CISA, PMP
ABSTRACT: Laptop users (road warriors) that are not usually operating within a local area
network infrastructure behind a firewall may have certain communications ports enabled that
place them at greater risk in public WiFi (wireless access) points.
INTRODUCTION: This white paper will provide instructions on how to disable
communications Ports 135 and 445 on a laptop used in a public wireless environment. Users
should disable one port at a time, monitor the operation of their business critical applications,
then enable another port after the observation period. Again, monitor behavior then proceed.
These instructions assume use of Windows 7.
METHODS:
Step One:
Locate the System Security tab in Control Panel by pressing the Microsoft Windows logo in the
lower left area of your desktop.
Step Two:
Locate the FIREWALL capability.
Step Three:
Click Advanced Settings
Step Four:
Click INBOUND RULES on the left tool bar and observe NEW RULE in the right hand tool
bar.
Step Five:
Click NEW RULE then observe a new dialogue box, click PORT.
Step Six:
Enter NEXT then observe SPECIFIED LOCAL PORTS; enter 135 then NEXT
DISCUSSION:
Well-known malware rootkits can use port 135 to transmit data back to home base and
download more malware. An attacker who can access TCP ports 135, 139 or 445 could
execute arbitrary code with Local System privileges. This allows the attacker to gain complete
control over the exploited system.
On systems protected by an infrastructure firewall, it is a standard practice to block these ports
due to the known associated risks.
Step Eight:
Leave all check marks in-place and proceed with NEXT.
Step Nine:
Apply a suitable name to this rule, such as “Block Inbound Port 135”.
Step Ten:
Observe the new rule.
Repeat the same process for OUTBOUND Port 135. After a positive observation period, repeat
for Port 445 (notice OUTBOUND RULES below).
RESULTS: Inbound and Outbound attempts to use these ports will be disabled. In sum, these
ports are considered unnecessary in a WiFi public setting and are considered another gateway for
malicious software and hacker activities.
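The same rules can be created from the command line with the built-in netsh tool instead of the wizard. The script below is an added example, not part of the original paper; it assumes TCP, assumes the outbound rule should match the remote port, and uses an outbound rule name constructed to follow the paper's "Block Inbound Port 135" pattern.

```powershell
# Added example, not from the original paper. Run from an elevated PowerShell
# prompt; netsh advfirewall ships with Windows 7.
param(
    [ValidateSet(135, 445)]
    [int]$Port = 135   # one port per run, matching the paper's staged rollout
)

# Assumptions: protocol TCP; the outbound rule matches the remote port.
# Rule names follow the paper's "Block Inbound Port 135" pattern.
$rules = @(
    @{ Name = "Block Inbound Port $Port";  Dir = 'in';  Match = "localport=$Port" },
    @{ Name = "Block Outbound Port $Port"; Dir = 'out'; Match = "remoteport=$Port" }
)

foreach ($rule in $rules) {
    # "show rule" exits non-zero when no rule has this name, so a rerun
    # does not create duplicates.
    & netsh advfirewall firewall show rule "name=$($rule.Name)" | Out-Null
    if ($LASTEXITCODE -eq 0) {
        Write-Host "Already present: $($rule.Name)"
        continue
    }

    # profile=any is assumed to mirror Step Eight (all check marks left in place).
    & netsh advfirewall firewall add rule "name=$($rule.Name)" "dir=$($rule.Dir)" `
        action=block protocol=TCP $rule.Match profile=any | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "Could not add '$($rule.Name)'. Is this prompt elevated?"
    }
    Write-Host "Added: $($rule.Name)"
}

# Step Ten equivalent: display the rules that now exist for this port.
foreach ($rule in $rules) {
    & netsh advfirewall firewall show rule "name=$($rule.Name)"
}

# The service may still be listening locally; the firewall rule is what stops
# traffic. Listing the listener helps identify what depended on the port.
netstat -ano -p TCP | Select-String -Pattern ":$Port\s+.*LISTENING"
```

Run it once with `-Port 135`, observe business critical applications, then run it again with `-Port 445`.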