Why Closing Unused Ports on a Server is Critical to Cyber Security.
Open ports on a server are a security vulnerability that can potentially allow a hacker to exploit services on your network. If those services are unpatched, a hacker can easily take advantage of the system by running a simple port scan with free software like nmap to discover the open ports. It’s important that you understand some basics about port security and how to manage ports with the principle of least privilege.
Securing your network is simplified when you incorporate the principle of least privilege. This principle says that every module (such as a process, a user, or a program) is only allowed to access the information and resources that are necessary for its legitimate purposes. Let’s look at an example of least privilege that will make it easier to understand. Imagine an office building where all the doors are locked. You have a key that will unlock your office but nothing else, because you don’t have permission to access the offices rented by other tenants. Now think of the janitor of that building. The janitor must have access to all the rooms to clean them. The janitor gets all the keys and privilege to all the offices because he has a legitimate purpose: cleaning them. Since you do not have a legitimate purpose to use the other offices, your privilege to open doors is limited to only your office and the shared restroom.
How to secure 65,535 ports?
There are a large number of ports: 65,535, to be exact. That number can seem overwhelming if you think about securing each port individually. With the principle of least privilege, however, you just close all ports and focus on opening the small number of ports you really need.
“A Closed Port is a Safe Port”
If you don’t know why a port is open, determine what service is running on it, and if there is no business need, shut it down! Check out this service list to view a list of common services that run on a particular port. It’s important to note that multiple applications can use the same port. Just remember that running the nmap utility will show you what is open and tell you what is using the port. Once you have closed all unnecessary ports, make sure you document the ports left open. The documentation should include the port number, the service, the business reason/function, the owner, and the date it was implemented.
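One way to keep that documentation honest is to compare it against what the server is actually listening on. The script below is an added example, not part of the original article; it assumes the listener list comes from `ss -H -tuln` on Linux and that the documentation is a CSV whose column names (hypothetical) mirror the fields listed above. The sample data is constructed.

```python
import csv
import io

# Constructed sample of `ss -H -tuln` output (listening TCP/UDP sockets, no header).
SAMPLE_SS = """\
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      511          0.0.0.0:443       0.0.0.0:*
tcp   LISTEN 0      80         127.0.0.1:3306      0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:68        0.0.0.0:*
tcp   LISTEN 0      128             [::]:22           [::]:*
"""
# Constructed inventory; the column names are an assumption for this example.
SAMPLE_INVENTORY = """\
port,proto,service,reason,owner,date
22,tcp,sshd,remote administration,ops-team,2023-01-10
443,tcp,nginx,public website,web-team,2023-02-01
8080,tcp,staging app,,web-team,2022-11-15
"""
REQUIRED = ("port", "proto", "service", "reason", "owner", "date")

def parse_listeners(ss_output):
    """Return {(proto, port): set of local addresses} from `ss -H -tuln` text."""
    listeners = {}
    for fields in map(str.split, ss_output.splitlines()):
        if len(fields) < 5:
            continue  # skip blank or truncated lines
        addr, _, port = fields[4].rpartition(":")  # also handles [::]:22
        if port.isdigit():
            listeners.setdefault((fields[0], int(port)), set()).add(addr)
    return listeners

def audit(ss_output, inventory_csv):
    """Compare live listeners with the documented open ports."""
    listeners = parse_listeners(ss_output)
    documented, incomplete = set(), []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        key = (row["proto"], int(row["port"]))
        documented.add(key)
        if any(not (row.get(f) or "").strip() for f in REQUIRED):
            incomplete.append(key)
    return {
        "undocumented": sorted(set(listeners) - documented),   # close or document
        "not_listening": sorted(documented - set(listeners)),  # stale entries
        "incomplete": sorted(incomplete),                      # a field is missing
    }

if __name__ == "__main__":
    for finding, keys in audit(SAMPLE_SS, SAMPLE_INVENTORY).items():
        print(finding, keys)
```

On a real host, replace `SAMPLE_SS` with the captured output of `ss -H -tuln` and `SAMPLE_INVENTORY` with the contents of your own port documentation.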
To Recap:
- Close All Ports!
- Patch All Services
- Incorporate Principle of Least Privilege
- Document Open Ports