IT services rely on an individual port assigned to them in order to receive and transmit information. It is therefore imperative that an organization keeps track of which ports are open within its IT environment, what each port is for, and which services are associated with it.
Detecting and disabling unwanted ports is part of an ongoing hardening process. This control is specifically mandated by the NERC CIP requirements for the security of North America's bulk electric system and is also recommended by the Center for Internet Security (CIS), specifically in the foundational control CIS Control 9: Limitation and Control of Network Ports, Protocols and Services.
In this blog, I’ll be highlighting why it’s important to track open ports, what dangers open ports present to your organization and how to track, control and correct open ports using NNT Change Tracker Gen7 R2.
Open Ports - A Vulnerability in Disguise
Open ports become dangerous when the services behind them are exploited through security vulnerabilities, or when malware launches malicious services that listen on them. The services using the ports may be unpatched or misconfigured and therefore vulnerable to exploitation. Cybercriminals could leverage those exposed services to steal sensitive company and customer data. Simply put, keeping unused ports closed reduces the level of security risk an organization is exposed to.
There are several solutions on the market that can help you achieve this, but in this example I’ll demonstrate how to do it using NNT Change Tracker Gen7 R2. Change Tracker tracks open ports and protocols and provides users with scan results listing every device with its open protocols and ports. The result is displayed as an event within Change Tracker which, when expanded, lists all the open ports on the server. Below is a screenshot of all the open ports on a server. With this information, users can investigate each open port and determine whether it is legitimate or malicious in their environment.
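The same investigation step can be scripted on a single Windows host. The following is an added example, not code from NNT or Change Tracker: it inventories listening TCP and UDP ports, maps each to the owning process and Windows service, and flags any port missing from an approved-ports baseline (the baseline below is constructed for illustration).

```powershell
# Added example (not NNT's code): inventory listening ports, map each to the owning
# process and Windows service, and flag any port not on an approved baseline.
# The baseline below is constructed for illustration; replace it with your own.
$ApprovedPorts = @{
    'TCP/135'  = 'RPC endpoint mapper'
    'TCP/445'  = 'SMB'
    'TCP/3389' = 'RDP (management network only)'
}

# Map PID -> service name(s) so a port can be tied to the service that opened it.
$ServicesByPid = @{}
Get-CimInstance Win32_Service | Where-Object { $_.ProcessId -gt 0 } | ForEach-Object {
    $id = [int]$_.ProcessId
    if (-not $ServicesByPid.ContainsKey($id)) { $ServicesByPid[$id] = @() }
    $ServicesByPid[$id] += $_.Name
}

function Get-ListeningPortInventory {
    $tcp = Get-NetTCPConnection -State Listen |
        Select-Object @{n='Proto';e={'TCP'}}, LocalAddress, LocalPort, OwningProcess
    $udp = Get-NetUDPEndpoint |
        Select-Object @{n='Proto';e={'UDP'}}, LocalAddress, LocalPort, OwningProcess
    foreach ($c in @($tcp) + @($udp)) {
        $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
        $key  = "$($c.Proto)/$($c.LocalPort)"
        [pscustomobject]@{
            Port     = $key
            Address  = $c.LocalAddress
            PID      = $c.OwningProcess
            Process  = if ($proc) { $proc.ProcessName } else { 'unknown' }
            Services = ($ServicesByPid[[int]$c.OwningProcess] -join ',')
            Approved = $ApprovedPorts.ContainsKey($key)
            Purpose  = $ApprovedPorts[$key]
        }
    }
}

$inventory = Get-ListeningPortInventory | Sort-Object Port -Unique
$inventory | Format-Table -AutoSize

# Anything not on the baseline is the review queue: either justify it and add it
# to the baseline, or stop and disable the owning service.
$inventory | Where-Object { -not $_.Approved } |
    Format-Table Port, Process, Services -AutoSize
```

Run it from an elevated session so that owning processes of system services resolve; unprivileged sessions report some of them as `unknown`.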
How to Determine What Services to Disable
Did you know that Windows operating systems have over 200 services installed? As you may have guessed, determining which of these services can be safely disabled or removed in order to eliminate unwanted open ports without affecting the required functionality is not as simple as it seems.
Change Tracker can help your organization determine this using our CIS-certified compliance reports, which show exactly which services need to be disabled or removed on your systems. As a CIS-certified vendor, NNT provides customers with an extensive library of CIS-certified compliance reports for a wide variety of platforms, including Windows servers and desktops, Linux servers such as Red Hat, CentOS, Ubuntu and Debian, databases such as SQL and Oracle, and many more.
With the CIS Benchmarks report, Change Tracker examines hundreds of system settings, including important services. If a setting matches the CIS guideline, it is marked as Passed in the report; if it does not, a Fail is displayed. For every failed setting, the report’s remediation text states clearly how to secure it.
For example, the services-related rule seen below recommends that the Bluetooth Support Service be set to disabled. The rationale informs us that Bluetooth technology has inherent security risks and that wireless Bluetooth traffic is not well encrypted, hence the service should be disabled.
I ran a Windows compliance report against my system and found that the Bluetooth Support Service was not disabled, so the check was correctly marked as Failed. As a result, we can see remediation text on how to get this rule to Pass, helping keep the system secure and up to CIS security standards.
Once I applied the remediation, I ran the same report again on Change Tracker to see if the rule had been set correctly. Below we can see a Pass mark, meaning that the Bluetooth Support Service has successfully been disabled, meeting the CIS security standards.
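The check, remediate, re-check cycle described above can be reproduced for a single rule outside the product. The following is an added example, not NNT's or CIS's code: it evaluates the Bluetooth Support Service (Windows service name `bthserv`) against an expected startup type of Disabled, prints Pass or Fail with remediation text, applies the remediation and re-runs the check. The rule table is constructed for illustration; the CIS Benchmarks define the real set.

```powershell
# Added example (not NNT's code): a minimal CIS-style service check with Pass/Fail
# and remediation text, using the Bluetooth Support Service (service name bthserv).
# The rule table is constructed for illustration; the CIS Benchmarks define the real set.
$ServiceRules = @(
    [pscustomobject]@{
        Service     = 'bthserv'
        DisplayName = 'Bluetooth Support Service'
        Expected    = 'Disabled'
        Rationale   = 'Bluetooth has inherent security risks and its traffic is not well encrypted.'
        Remediation = 'Set the service startup type to Disabled and stop the service.'
    }
)

function Test-ServiceRule {
    param([pscustomobject]$Rule)
    $svc = Get-Service -Name $Rule.Service -ErrorAction SilentlyContinue
    # A service that is not installed cannot be started, so it satisfies "Disabled".
    $actual = if ($svc) { [string]$svc.StartType } else { 'NotInstalled' }
    $pass   = (-not $svc) -or ($svc.StartType -eq 'Disabled')
    [pscustomobject]@{
        Rule        = "Ensure '$($Rule.DisplayName)' is set to $($Rule.Expected)"
        Actual      = $actual
        Result      = if ($pass) { 'Pass' } else { 'Fail' }
        Remediation = if ($pass) { '' } else { $Rule.Remediation }
    }
}

function Invoke-ServiceRuleRemediation {
    param([pscustomobject]$Rule)
    # Requires an elevated session; stops the service before disabling it so the
    # re-check reflects both the running state and the startup type.
    Stop-Service -Name $Rule.Service -Force -ErrorAction SilentlyContinue
    Set-Service  -Name $Rule.Service -StartupType Disabled
}

# First run: the report, including remediation text for any Fail.
$before = $ServiceRules | ForEach-Object { Test-ServiceRule $_ }
$before | Format-Table Rule, Actual, Result, Remediation -Wrap

# Remediate only the rules that failed, then re-run the check to confirm the Pass mark.
$ServiceRules | Where-Object { (Test-ServiceRule $_).Result -eq 'Fail' } |
    ForEach-Object { Invoke-ServiceRuleRemediation $_ }

$after = $ServiceRules | ForEach-Object { Test-ServiceRule $_ }
$after | Format-Table Rule, Actual, Result -AutoSize
```

Additional services can be added to `$ServiceRules` as further rows; the check and remediation functions apply to each row unchanged.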
As mentioned earlier, a compliance report has hundreds of security rules within it. As a result, it can be very time consuming to remediate all of the rules individually. Fortunately, NNT provides customers with CIS Build Kits that contain pre-configured group policies for Windows machines and a script for Linux servers that match the recommended configurations of the CIS Benchmarks.
In conclusion, open ports and unneeded services can significantly increase your organisation’s risk of a data breach or other security incident. However, by performing regular port scans and continuously monitoring your hardened posture with tools like NNT Change Tracker, you gain valuable insight and reduce your attack surface. To learn more about open port hardening and how to get started, download our Security Control eGuide: Hardening Open Network Ports, Protocols and Services.