Ports Vulnerability?

I'm not sure if I'm in the right forum or not . . . confused

Could someone please explain to me about how a hacker could use open ports against me, and how I can protect my system and network?

Here's why I ask. My ISP controls my router and hardware firewall. I wanted to open up a certain port to use VNC software, which would be like using port 3389 for Remote Desktop. The ISP balked when I asked to access the router to use port forwarding to allow the right port to open up. "We strongly discourage this", they said. The problem was that they couldn't tell me much more than that it makes us vulnerable.

So, if I want to open up a port, like say 5900 to use the VNC software, then what can I do to prevent problems from hackers? If I open up a port, is it inevitably just an open security hole no matter what?

The VNC software and computer logons all are configured with strong passwords. The network is wired, not wireless. All systems are using a firewall and antivirus and running Windows XP Pro, XP Home or 2000 Professional.

I'd appreciate some advice on this to help me understand it better. Thanks!

 

In a much simplified analogy, if you leave a door to your house unlocked, does it matter which door it is, and is there any way to secure it for certain?

Open ports always pose a security risk, but some ports more than others (usually lower numbered ports, like 21, 22,23, 80 and 139). Having a firewall on your end, along with a good antivirus is your best bet in staying secure while using an open port.

Port triggering is better than Port forwarding security wise, if its an option. That way, the port is only open when you want to use it.

 

Lots of great information-thanks. So, if port triggering will work with the VNC application, would you go for it? Or do you think it's too big of a risk? This particular network is in a public area and includes local government offices.

 

Well, to be honest, I wouldnt risk opening ports at all on a government network, same as banks.

But, to each their own. Having it locked down is going to lose functionality.

If you still want to use VNC though, I'd take security one step further, and use it over VPN, or via an SSH tunnel.

There are several discussions on the net regarding setting it up.