Open Ports: What They Are and Why You Need to Secure Them
Open ports enable services and applications to perform their functions properly. However, certain ports may pose security risks to your network. Read this article for a better understanding of why you should close risky, unused ports.
Ports allow communication between devices. Internet-facing services and applications essentially listen on ports for a connection from the outside to do their jobs. Without ports, communication between hosts over the internet is not possible.
At times, the problem with ports is that those that are not supposed to be open are inadvertently left exposed. An administrator at your company may have opened a port to satisfy a request and forgotten all about it. A firewall configuration may have been automatically modified by an application, leaving some ports open without your knowledge.
It is often difficult to assess and mitigate risks associated with an open port at any given time. Unfortunately, open ports provide a pathway for attackers to exploit vulnerabilities in your system. Data breaches related to open ports happen all the time.
At Intelligent Technical Solutions, this is an issue that we regularly encounter with some of our clients. However, through an in-depth network assessment, we can discover open ports and services that potentially put our clients' networks at risk. We have been doing the same thing for our 368 clients and counting over the past 18 years.
In this article, we explain what open ports are and the security implications of having them open. We also discuss how they work and what you can do to secure them.
What Are Open Ports and How Do They Work?
Before we discuss why leaving some ports open is a security risk, let's first look into the specifics of what ports are.
The term port refers to a communication endpoint: the point where a network communication starts or ends. A port identifies a specific process or service and is assigned a number depending on its specialized purpose.
In simpler terms, ports enable devices to tell what to do with the data they receive over the same network connection. For instance, emails are routed through a different port (port 25) than websites (port 80). A port that is already in use by one service cannot be used by another; the attempt to start a second service on it returns an error message.
The transport-layer protocols of the Internet Protocol Suite, such as the Transmission Control Protocol (TCP) and User Datagram Protocol (UDP), use ports to transmit and receive chunks of information, known as packets. An open port refers to a TCP or UDP port number that is actively accepting packets. In other words, behind it is a system that is receiving communication. A closed port, on the other hand, rejects or ignores packets.
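The three behaviours described above (an open port accepts a connection, a second service cannot take a port already in use, and a closed port rejects the connection) can be observed on your own machine. The following is an added example, not part of the original article; it uses only the loopback address, and the function names `probe` and `demo` are made up for illustration.

```python
import errno
import socket

def probe(host, port, timeout=1.0):
    """Classify a TCP port by how the host answers one connection attempt."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"          # a service accepted the connection
        except ConnectionRefusedError:
            return "rejected"      # closed port: the host answered with a reset
        except socket.timeout:
            return "ignored"       # no answer, e.g. a firewall dropped the packet
        except OSError:
            return "unreachable"   # routing or other network error

def demo():
    results = {}
    # Start a service: bind to port 0 so the kernel picks a free port.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    results["while_listening"] = probe("127.0.0.1", port)

    # A second service asking for the same port gets an error.
    second = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        second.bind(("127.0.0.1", port))
        results["second_bind"] = "succeeded"
    except OSError as exc:
        results["second_bind"] = errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        second.close()

    # Stop the service: the same port number is now closed.
    listener.close()
    results["after_close"] = probe("127.0.0.1", port)
    return results

if __name__ == "__main__":
    print(demo())
```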
Some ports are reserved for specific protocols and are therefore required to be open. In addition, ports are opened depending on your firewall configuration or operating system: what is open on one may be closed on another.
What Makes Open Ports Dangerous?
Open ports are not the issue per se. It's the applications and services listening on these ports.
Attackers can easily exploit weaknesses in the applications listening on a port. Hackers can take advantage of security vulnerabilities in older, unpatched software, weak credentials, and misconfigured services to compromise a network.
Some ports are not intended to be publicly exposed. For instance, the Server Message Block (SMB) protocol, which operates over TCP ports 139 and 445, is open by default on Windows machines. It is meant only for file sharing, printer sharing, and remote administration.
Due to numerous vulnerabilities in the earlier versions of the SMB protocol, it was exploited by threat actors in the highly publicized WannaCry ransomware attack. Computers infected with WannaCry scanned their networks for devices accepting traffic on SMB ports in order to connect to them and spread the malware.
In addition, some ports are prone to abuse. An example is Microsoft's Remote Desktop Protocol (RDP), which allows a user to access a remote host. According to ITS Director of Operations Peter Swarowski, there are many attack vectors for bad guys trying to get in through RDP.
"Some of them are unpatched systems with known vulnerabilities where they can bypass all authentication and get right into whatever is hosting RDP right away. Some of it is brute force, so if you have RDP exposed and you don't have the means for locking out accounts from several failed logins, hackers can get in that way," he explained.
How to Secure Open Ports
Here's how you can secure your perimeter from the risks posed by vulnerable, unused, or commonly abused ports, according to Swarowski:
1. Access ports using a secure virtual private network (VPN).
If a business needed something like RDP, ITS would use an encrypted VPN connection to access RDP instead of leaving it open to the internet. Users need to connect to the VPN first before they can gain access to your RDP. That way, the VPN has to be attacked and bypassed first before the attackers can then get into a vulnerable RDP connection.
2. Use multi-factor authentication.
Having multi-factor authentication (MFA) helps significantly in securing an open service. Even if you have a credential leak or a brute-force attempt, the threat actors would be challenged with an additional code or authentication method that they would not be able to bypass.
3. Implement network segmentation.
Network segmentation is a process by which a larger network is divided into smaller parts or subnets. If you have an open DVR (Digital Video Recorder) port for your camera system, another option for securing it is segmenting it off from the rest of your network. Even if somebody gets into this DVR, they can't get into your server and your workstations or go after more critical data.
4. Scan network ports regularly.
ITS runs a process that looks for unsafe open services, such as unencrypted, legacy ports on clients’ networks, so administrators can close them or replace them with a secure version. A weekly check is initiated on every port on every managed device to identify which ones are risky and need to be restricted.
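A small version of the recurring check in step 4, written as an added example (it is not ITS's tooling): it reads the listening-socket table in the format printed by `ss -tuln` on Linux and reports risky services that are bound to an address other than loopback. The watch list and the sample output are constructed for illustration; the list combines the services this article names (SMB on 139/445, RDP on its default port 3389) with two unencrypted legacy protocols.

```python
import ipaddress

# Illustrative watch list (an assumption, adjust to your own policy).
RISKY = {21: "FTP (unencrypted)", 23: "Telnet (unencrypted)",
         139: "SMB over NetBIOS", 445: "SMB", 3389: "RDP"}

# Constructed sample in the column layout of `ss -tuln`.
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:445         0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:3389      0.0.0.0:*
tcp   LISTEN 0      128    [::]:3389           [::]:*
tcp   LISTEN 0      128    192.168.1.10:23     0.0.0.0:*
udp   UNCONN 0      0      127.0.0.53%lo:53    0.0.0.0:*
tcp   LISTEN 0      128    *:80                *:*
"""

def is_loopback(addr):
    """True only if the bind address is reachable from this host alone."""
    addr = addr.strip("[]").split("%")[0]   # drop IPv6 brackets and %iface
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False   # "*" or unparseable: treat as exposed so it gets reviewed

def audit(ss_output, risky=RISKY):
    """Return (proto, address, port, service) for each exposed risky listener."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue                         # header or unrelated line
        addr, _, port = fields[4].rpartition(":")
        if not port.isdigit():
            continue
        port = int(port)
        if port in risky and not is_loopback(addr):
            findings.append((fields[0], addr, port, risky[port]))
    return findings

if __name__ == "__main__":
    for proto, addr, port, service in audit(SAMPLE_SS_OUTPUT):
        print(f"{proto} {addr}:{port} exposes {service}")
```

On a live host, pass the real output of `ss -tuln` to `audit()` from a scheduled job and alert when the result is not empty.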
Manage Your Attack Surface
Your attack surface (i.e., the sum of all possible points that attackers can exploit) should be limited in size. Through a comprehensive network assessment, you can identify vulnerabilities in your physical and digital environments, including unused, exposed ports. Some open ports pose a danger to your system and should be secured.
Keep your attack surface small with the help of ITS. ITS can assist you in ensuring the security of your infrastructure. Get in touch with our account representatives today for your free network assessment.