Open Port Vulnerabilities: What's the Big Deal?

Angela Gelnaw | May 21, 2019

If you’ve done any research into improving network security, you’ve probably seen one suggestion repeated again and again: close your open ports.

Why is this such a common recommendation? Are open port vulnerabilities really a big deal? What can you do about them?

Let’s find some answers to your open port questions.

What are open ports?

If you’re already familiar with the technical side of ports, feel free to skip ahead to the next section. For everyone else, here’s a layperson’s explanation:

All communication that happens over the internet is exchanged via ports. Every IP address has two kinds of ports, TCP and UDP, and there can be up to 65,535 of each. Services that connect to the internet (like web browsers, email clients, and file transfer services) use specific ports to receive information.

Any internet-connected service requires specific ports to be open in order to function. However, when legitimate services are exploited through code vulnerabilities or malicious services are introduced to a system via malware, cyber criminals can use these services in conjunction with open ports to gain access to sensitive data.

Closing unused ports is like shutting the door on those cyber criminals. That’s why it’s considered best practice to close any ports that aren’t associated with a known legitimate service.

What can you do about them?

System administrators can scan for and close open ports that are exchanging information on their networks.

Closing open ports requires knowing which ports are actually required by the services running on a network. Some of these are universal — for example, port 80 is the port for web traffic (HTTP). Others are reserved by specific services.

Once the administrator knows which ports must remain open, they can conduct a scan to identify open ports that might be exposing their systems to cyber attacks. There are many free tools available online that make this scanning process easier.

If a port is (1) open and (2) not associated with any known service on the network, it should be closed immediately.

How can you monitor open ports?

On a small network with relatively few IP addresses, closing open ports isn’t that big of a task. However, on larger networks with a constant flow of new devices, monitoring and managing open ports can be extremely time-consuming. In addition to the ports themselves, the services exchanging information through those ports should be monitored as well.

Luckily, because the ports and services in question are facing the public internet, they can be scanned by continuous monitoring technologies like the BitSight Security Ratings Platform. BitSight provides users with a letter grade (A-F) for open port vulnerabilities on their networks. The grade is automatically generated, updated daily, and reflects performance compared to other organizations in the same industry.

Other security ratings providers also offer open port monitoring tools, but BitSight has three times more coverage of open ports and services than its closest competitor, with more than 300 unique ports and services regularly tracked.

While other services only focus on web applications, BitSight provides a more comprehensive view that includes LDAP, remote desktop access, building automation software, IoT devices, and other known targets that can compromise a system. Cyber criminals don’t limit their attacks to web applications, so detection systems shouldn’t either.

What do open ports say about overall security?

If an organization has more open ports than the average organization in its industry, it’s more likely to experience a data breach.

The above statement was proven by a joint study between BitSight and Advisen, which showed that 60% of breached organizations had 10 or more ports susceptible to unauthorized use. The same survey also showed that organizations with an “F” grade in the open ports vector on the BitSight Security Ratings Platform were twice as likely to experience a data breach as organizations with an “A” grade.

[Chart: BitSight Open Port Grade and Correlation to Data Breaches]

If BitSight can see this information, that means cyber criminals can too. Open ports are a big deal — actively monitoring and managing them can help reduce your organization’s overall risk profile.

Conclusion

It’s a fact — open ports can increase your organization’s risk of data breach. However, by performing a few initial scans and setting up a continuous monitoring tool, this risk vector can be virtually eliminated. Compared to other, more complex security issues, open port vulnerabilities are easy to mitigate, and doing so is part of practicing good cybersecurity hygiene.
