If you’ve done any research into improving network security, you’ve probably seen one suggestion repeated again and again: close your open ports.
Why is this such a common recommendation? Are open port vulnerabilities really a big deal? What can you do about them?
Let’s find some answers to your open port questions.
What are open ports?
If you’re already familiar with the technical side of ports, feel free to skip ahead to the next section. For everyone else, here’s a layperson’s explanation:
All communication that happens over the internet is exchanged via ports. Every IP address contains two kinds of ports, TCP and UDP, and there can be up to 65,535 of each for any given IP address. Services that connect to the internet (like web browsers, email clients, and file transfer services) use specific ports to receive information.
Any internet-connected service requires specific ports to be open in order to function. However, when legitimate services are exploited through code vulnerabilities or malicious services are introduced to a system via malware, cyber criminals can use these services in conjunction with open ports to gain access to sensitive data.
Closing unused ports is like shutting the door on those cyber criminals. That’s why it’s considered best practice to close any ports that aren’t associated with a known legitimate service.
What can you do to fix open ports?
System administrators can scan for and close open ports that are exchanging information on their networks.
Closing open ports requires knowing which ports are actually required by the services running on a network. Some of these are universal — for example, port 80 is the port for web traffic (HTTP). Others are reserved by specific services.
Once the administrator knows which ports must remain open, they can conduct a scan to identify open ports that might be exposing their systems to cyber attacks. There are many free tools available online that make this scanning process easier.
If a port is (1) open and (2) not associated with any known service on the network, it should be closed immediately.
How can you monitor open ports?
On a small network with relatively few IP addresses, closing open ports isn’t that big of a task. However, on larger networks with a constant flow of new devices, monitoring and managing open ports can be extremely time-consuming. In addition to the ports themselves, the services exchanging information through those ports should be monitored as well.
Luckily, because the ports and services in question are facing the public internet, they can be scanned by continuous monitoring technologies like the BitSight Security Ratings Platform. BitSight provides users with a letter grade (A-F) for open port vulnerabilities on their networks. The grade is automatically generated, updated daily, and reflects performance compared to other organizations in the same industry.
Other cybersecurity ratings services providers also provide open port monitoring tools, but BitSight has three times more coverage of open ports and services than their closest competitor, with more than 300 unique ports and services regularly tracked.
While other services only focus on web applications, BitSight provides a more comprehensive view that includes LDAP, remote desktop access, building automation software, IoT devices, and other known targets that can compromise a system. Cyber criminals don’t limit their attacks to web applications, so detection systems shouldn’t either.
What do open ports say about overall cybersecurity?
If an organization has more open ports than the average organization in its industry, it’s more likely to experience a data breach.
The above statement was proven by a joint study between BitSight and Advisen, which showed that 60% of breached organizations had 10 or more ports susceptible to unauthorized use. The same survey also showed that organizations with an “F” grade in the open ports vector on the BitSight Security Ratings Platform were twice as likely to experience a data breach than organizations with an “A” grade.
If BitSight can see this information, that means cyber criminals can too. Open ports are a big deal — actively monitoring and managing them can help reduce your organization’s overall risk profile.
It’s a fact — open ports can increase your organization’s risk of data breach. However, by performing a few initial scans and setting up a continuous security monitoring tool, this risk vector can be virtually eliminated. Compared to other, more complex security issues, open port vulnerabilities are easy to mitigate, and doing so is part of practicing good cybersecurity hygiene.