Rule of thumb is that the only ports left open are those giving services on those ports. If the box is running a web server, then 80 should be open (to the internet in general, right?) If there are secure ports running (https) then you may have open ports on those services - https is 443, or something. Do you have the DNS service running there? Then 53 will be open, etc.
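As an added example (not from the original post), here is a small shell check that applies that rule of thumb: it lists what the box is actually listening on and flags any port that is not on the list of services the box is meant to serve. It assumes the input has the shape of `ss -tlnH` output (state, queues, local address:port, peer address:port); the sample snapshot below is constructed, with port 8080 as the unexpected listener.

```shell
#!/bin/sh
# Added example: compare listening ports against an allowlist of intended services.
# Runs offline against a constructed snapshot shaped like `ss -tlnH` output.

# Constructed sample: web (80), https (443), dns (53), a loopback-only database (5432),
# and an unexpected listener on 8080 bound to all interfaces.
SAMPLE_LISTENERS='LISTEN 0 511  0.0.0.0:80      0.0.0.0:*
LISTEN 0 511  0.0.0.0:443     0.0.0.0:*
LISTEN 0 128  0.0.0.0:53      0.0.0.0:*
LISTEN 0 128  127.0.0.1:5432  0.0.0.0:*
LISTEN 0 128  0.0.0.0:8080    0.0.0.0:*'

# Ports this box is supposed to expose: web, https and dns, as in the post.
ALLOWED_PORTS="80 443 53"

# listening_ports TEXT
# Print the port of every listener that is bound to a non-loopback address.
# Loopback-only services are not reachable from outside, so they are skipped.
listening_ports() {
    printf '%s\n' "$1" | awk '{
        port = $4; sub(/.*:/, "", port)        # text after the last colon
        addr = $4; sub(/:[0-9]+$/, "", addr)   # everything before the port
        if (addr != "127.0.0.1" && addr != "[::1]") print port
    }'
}

# unexpected_ports TEXT
# Print every externally reachable listening port that is not in ALLOWED_PORTS.
unexpected_ports() {
    for p in $(listening_ports "$1"); do
        case " $ALLOWED_PORTS " in
            *" $p "*) ;;            # expected service, nothing to report
            *) echo "$p" ;;         # not in the allowlist: investigate it
        esac
    done
}

# With --live, examine the real socket table instead of the constructed sample.
if [ "${1:-}" = "--live" ]; then
    unexpected_ports "$(ss -tlnH 2>/dev/null)"
else
    unexpected_ports "$SAMPLE_LISTENERS"
fi
```

Run it as-is to see the sample report `8080`, or with `--live` on a Linux host with `ss` to check the real listener table against your own allowlist.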
Open ports aren't the only security concern. Passwords can be cracked if they aren't tight - for instance, don't use the password "password" or "bob", etc. You will be 0wned. Also beware of other security concerns, such as vulnerabilities and other exploits in the software running on the box. These can be completely unrelated to open ports at times.
For the services you have to have running, which are essentially open to the outside, make sure you limit the access to those services in their respective security features.
I have also heard of a tool called Retina that is kind of a security analyzer - can tell you what holes your system has, vulnerabilities, etc.