Specific info on server hardening can be found here:
http://technet.microsoft.com/en-us/library/cc262849.aspx
This post has hardening recommendations for both the SharePoint WFEs and app servers, as well as the SQL server hosting SharePoint.
This post by JoelO, http://blogs.msdn.com/joelo/archive/2007/02/13/protocols-ports-and-firewall-rules.aspx, has a great list of the ports SharePoint uses:
| Inbound/Outbound | From | Port | To |
|---|---|---|---|
| Inbound | Client IPs (as applicable) | TCP 80 or 443 | ISA Web Pub or WFE |
| Inbound | TS Jump point | RDP (TCP 3389) For Remote Admin | APP (Central Admin /SSP Admin) |
| Inbound | All SharePoint Server (Depends on Central Admin config) | Office Server Web Services, TCP 56737, SSL 56738 | App (Central Admin /SSP Admin) |
| Inbound | Index *** | TCP 80 or 443 | WFE |
| Outbound | ALL SharePoint Svrs (Based on Auth) | DS (TCP 445) RPC (TCP 135) DNS (UDP 53) Kerberos (UDP 88) LDAP/S (UDP 389/636) | DC/DNS (LDAP) |
| Outbound/(Inbound if applicable) | WFE (alerts or mail enabled list) * | SMTP (TCP 25) | SMTP/Exchange |
| Outbound | ALL SharePoint Svrs | SQL (TCP 1433) or SSL custom port | SQL |
| Outbound | WFE (Search Request) | Search Query, either NBT (TCP/UDP 137, 138, 139) or Direct-hosted SMB (TCP/UDP 445) | Query |
| Outbound | Index (Propagation) | Search Query, either NBT (TCP/UDP 137, 138, 139) or Direct-hosted SMB (TCP/UDP 445) | Query |
| Outbound | WFE (SSO) | RPC for SSO – (TCP 135), plus random high ports (Dynamic RPC) or restricted high ports (Static RPC) | APP Servers |
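
One way to put the port list to work is to audit observed flows against it. The script below is an added example, not code from JoelO's post or from Microsoft: it transcribes the table into an allowlist and reports every flow that no row permits. The role labels, the `SRC -> DST proto/port` record format and the sample records are assumptions, and hosts are assumed to have been mapped to roles beforehand.

```python
import re

# Roles the table groups as "ALL SharePoint Svrs" (role labels are assumptions).
FARM = {"WFE", "APP", "INDEX", "QUERY"}
NBT_SMB = {(p, n) for p in ("tcp", "udp") for n in (137, 138, 139, 445)}

# (source roles, destination role, allowed (protocol, port) pairs), as the table
# states them. Dynamic RPC, custom SQL SSL port and ISA hop are not modelled.
MATRIX = [
    ({"CLIENT"}, "WFE", {("tcp", 80), ("tcp", 443)}),
    ({"TS"}, "APP", {("tcp", 3389)}),
    (FARM, "APP", {("tcp", 56737), ("tcp", 56738)}),
    ({"INDEX"}, "WFE", {("tcp", 80), ("tcp", 443)}),
    (FARM, "DC", {("tcp", 445), ("tcp", 135), ("udp", 53), ("udp", 88),
                  ("udp", 389), ("udp", 636)}),
    ({"WFE"}, "SMTP", {("tcp", 25)}),
    (FARM, "SQL", {("tcp", 1433)}),
    ({"WFE", "INDEX"}, "QUERY", NBT_SMB),
    ({"WFE"}, "APP", {("tcp", 135)}),
]

FLOW_RE = re.compile(r"^(\w+)\s*->\s*(\w+)\s+(tcp|udp)/(\d+)$", re.I)

def parse_flow(line):
    m = FLOW_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable flow record: {line!r}")
    src, dst, proto, port = m.groups()
    return src.upper(), dst.upper(), proto.lower(), int(port)

def is_allowed(src, dst, proto, port):
    return any(src in srcs and dst == to and (proto, port) in ports
               for srcs, to, ports in MATRIX)

def audit(lines):
    """Return the flow records that no row of the matrix permits."""
    flows = [l.strip() for l in lines if l.strip() and not l.lstrip().startswith("#")]
    return [f for f in flows if not is_allowed(*parse_flow(f))]

# Constructed sample records, not captured traffic.
SAMPLE = ["CLIENT -> WFE tcp/443", "WFE -> SQL tcp/1433", "CLIENT -> SQL tcp/1433",
          "CLIENT -> APP tcp/3389", "INDEX -> QUERY tcp/445", "QUERY -> SMTP tcp/25"]

if __name__ == "__main__":
    for flow in audit(SAMPLE):
        print("not in matrix:", flow)
```

Flows it reports are candidates for a deny rule or an investigation; flows it accepts are only as tight as the table row they match.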