UIS.203.7T Restricted List of Ports, Protocols, and/or Services

In support of UIS.203 Least Functionality Guidelines

Requirements:

Georgetown University Information Services (UIS) shall specifically prohibit or restrict the creation of advertised services that open the following functions, ports, protocols, and/or services on a server:

ARINC-GATEWAY Port 55210 / TCP
Background File Transfer Protocol (BFTP) Port 152 / TCP
Border Gateway Protocol (BGP) Port 179 / Transmission Control Protocol (TCP)
Courier Port 530 / TCP, User Datagram Protocol (UDP)
Domain Name System be (DNS) Port 53 / TCP, UDP
File Transfer Protocol (FTP) Ports 20, 21 / TCP
Finger Port 79 / TCP
Hypertext Transfer Protocol (HTTP) Port 80 / TCP; 443 / TCP
HTTP-MGMT Port 280 / TCP
Identification Protocol (IDENT) Port 113 / TCP, UDP
Internet Control Messaging Protocol (ICMP) – block incoming echo requests (ping and Windows traceroute) block outgoing echo replies, time exceeded, and destination unreachable messages except “packet too big” messages (type 3, code 4). Note: Blocking ICMP will restrict legitimate use of PING in an effort to restrict malicious activity.
Internet Message Access Protocol (IMAP) Port 143 / TCP, UDP
Internet Relay Chat (IRC) Port 194 / UDP
Lightweight Directory Access Protocol (LDAP) Port 389 / TCP, UDP
Line Printer Daemon (LPD) Port 515 / TCP
LOCKD Port 4045 / TCP, UDP
Network Basic Input Output System (NetBIOS) Ports 135, 445 / TCP, UDP; 137-138 / UDP; 139 / TCP
Network File System (NFS) Port 2049 / TCP, UDP
Network News Transfer Protocol (NNTP) Port 119 / TCP
Network Time Protocol (NTP) Port 123 / TCP
Oracle Names (ORACLENAMES) Port 1575 / TCP, UDP
Port Mapper (PORTMAP/RPCBIND) Port 111 / TCP, UDP
Post Office Protocol 3 (POP3) Ports 109-110 / TCP
Services Ports 512-514 / TCP
Secure Shell (SSH) Port 22 / TCP
Session Initiation Protocol (SIP) Port 5060 / TCP, UDP
Shell Port 514 / TCP
SIDEWINDER-COBRA, (S) Port 2809 & 9002 / TCP
Simple File Transfer Protocol (SFTP) Port 115 TCP, UDP