In my company's corporate LAN, the servers are located on a separate VLAN. We are using a multilayer switch, a Catalyst 3560G. I have a concern about how to secure the servers beyond the default security provided by the switch.
I witnessed a demonstration where a hacker was able to execute a script (which he wrote using the C programming language) to access servers remotely, take control of the desktop and run any program desired (even though there were access list statements filtering Windows Remote Desktop access).
Can someone advise me on how to implement appropriate security to secure our servers by stopping/filtering access from the multilayer switch? I know that in most cases they exploit the use of open ports to gain access; how can I know the right ports to shut to avoid this?
I used the access list statement below to filter remote desktop access to the servers.
access-list 100 remark remote-access-acl
access-list 100 deny tcp 172.20.x.0 0.0.0.255 172.20.y.0 0.0.0.255 eq 3389 log
access-list 100 permit ip any any
But it is not enough to check the hacking scenario described in the demonstration cited above.
What port numbers are exploited by program scripts, if I am to shut them down?
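
An added example, not part of the original post: a minimal first-match evaluator for the ACL quoted above, showing which flows that ACL drops and which it lets through. The 172.20.10.0 and 172.20.20.0 subnets and the host addresses are constructed stand-ins for the elided x and y values, and the parser handles only the syntax used in this ACL.

```python
import ipaddress

# Constructed stand-ins for the elided 172.20.x.0 / 172.20.y.0 subnets.
ACL_100 = """\
access-list 100 remark remote-access-acl
access-list 100 deny tcp 172.20.10.0 0.0.0.255 172.20.20.0 0.0.0.255 eq 3389 log
access-list 100 permit ip any any
"""

def _addr(tokens):
    """Consume 'any' or '<address> <wildcard>'; return (base, wildcard) as ints."""
    if tokens[0] == "any":
        tokens.pop(0)
        return 0, 0xFFFFFFFF
    base = int(ipaddress.IPv4Address(tokens.pop(0)))
    wild = int(ipaddress.IPv4Address(tokens.pop(0)))
    return base, wild

def parse(text):
    """Turn the ACL text into (action, proto, src, dst, dst_port) tuples."""
    rules = []
    for line in text.splitlines():
        t = line.split()[2:]                 # drop 'access-list 100'
        if not t or t[0] == "remark":
            continue
        action, proto = t.pop(0), t.pop(0)
        src, dst = _addr(t), _addr(t)
        port = int(t[1]) if t[:1] == ["eq"] else None   # trailing 'log' is ignored
        rules.append((action, proto, src, dst, port))
    return rules

def _hit(ip, spec):
    """Wildcard-mask match: bits set in the wildcard are 'don't care'."""
    base, wild = spec
    return (int(ipaddress.IPv4Address(ip)) & ~wild) == (base & ~wild)

def evaluate(rules, proto, src, dst, dport=None):
    """Return the action of the first matching entry, as IOS does."""
    for action, r_proto, r_src, r_dst, r_port in rules:
        if (r_proto in ("ip", proto) and _hit(src, r_src) and _hit(dst, r_dst)
                and r_port in (None, dport)):
            return action
    return "deny"                            # implicit deny ending every IOS ACL

if __name__ == "__main__":
    rules = parse(ACL_100)
    for flow in [("tcp", "172.20.10.5", "172.20.20.8", 3389),   # filtered RDP
                 ("tcp", "172.20.10.5", "172.20.20.8", 443),    # any other port
                 ("tcp", "172.20.30.5", "172.20.20.8", 3389)]:  # other subnet
        print(flow, "->", evaluate(rules, *flow))
```

Only the first flow is denied: the single deny entry covers one source subnet and one TCP port, and `permit ip any any` passes everything else to the server VLAN.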