Attackers knock at virtually every public-facing website or server and automate attacks on weak, easy-to-exploit ports. To bolster your cybersecurity, it's crucial to close ports that are not necessary for IT operations, restricting access to your internal network only.

‍

Ports are entry and exit points for data transmitted over a network. These ports can be open or closed, and it is important to ensure that only the necessary ports are open to prevent unauthorized access to your system. By closing unnecessary ports, you reduce the potential attack surface and enhance the overall security of your network infrastructure.

‍

Common ports

FTP (ports 20 and 21)

• These ports are used for the File Transfer Protocol, which allows users to send and receive files from servers. FTP is known for being outdated and insecure, and is often exploited through techniques such as brute-forcing passwords, anonymous authentication, cross-site scripting, and directory traversal attacks.

‍

SSH (port 22)

• This port is used for the Secure Shell protocol, which provides secure access to servers. SSH can be vulnerable to attacks such as brute-forcing passwords and exploitations of known vulnerabilities in the protocol.

‍

Telnet (port 23)

• This port is used for the Telnet protocol, which allows remote access to systems. Telnet is notoriously insecure and is rarely used today due to the risk of eavesdropping and password sniffing.

‍

Port 25 (SMTP)

• Port 25 is a Simple Mail Transfer Protocol port for receiving and sending emails. Without proper configuration and protection, this TCP port is vulnerable to spoofing and spamming.

‍

Port 53 (DNS)

• The Domain Name System port is a UDP and TCP port for queries and transfers, respectively. This port is particularly vulnerable to DDoS attacks.

‍

Ports 137 and 139 (NetBIOS over TCP) and 445 (SMB)

• Server Message Block (SMB) uses port 445 directly and ports 137 and 139 indirectly. Cybercriminals can exploit these ports through:
  

1. Using the EternalBlue exploit, which takes advantage of SMBv1 vulnerabilities in older versions of Microsoft computers (hackers used EternalBlue on the SMB port to spread WannaCry ransomware in 2017)
2. Capturing NTLM hashes which are cached credentials that can be re-submitted to the same server or handed to another server in the network to authenticate without even decrypting the password itself
3. Brute-forcing SMB login credentials. Especially where MFA is missing, guessing passwords can force entry to a server

‍

Ports 80, 443, 8080 and 8443 (HTTP and HTTPS)

• HTTP and HTTPS are the hottest protocols on the internet, so they’re often targeted by attackers. They are especially vulnerable to cross-site scripting, SQL injections, cross-site request forgeries and DDoS attacks.

‍

SMB (port 445)

• This port is used for the Server Message Block protocol, which is used for file sharing and other network services. SMB is often targeted by attackers due to known vulnerabilities in the protocol, such as the one exploited by the WannaCry ransomware in 2017.

‍

Ports 1433, 1434 and 3306 (used by databases)

• These are the default ports for SQL Server and MySQL. They are used to distribute malware or are directly attacked in DDoS scenarios. Quite often, attackers probe these ports to find unprotected databases with exploitable default configurations.

‍

RDP (port 3389)

• This port is used for the Remote Desktop Protocol, which allows remote access to systems. RDP has been targeted by various campaigns due to its susceptibility to brute-force attacks and exploitation of known vulnerabilities.

‍

Checklist

Follow this checklist to secure your ports.

‍

Identify open ports

• Use a tool such as netstat or a port scanning tool to identify which ports are open on your system. To use netstat on a Windows system, open a command prompt and type "netstat -a". On a Unix-based system (such as Linux or macOS), you can use the command "netstat -l". This will list all open ports on the system.

‍

Close unnecessary ports

• If there are any ports open that are not required for the proper functioning of your system, close them. This can help prevent unauthorised access to your system through these ports. To close a port, you will need to use a tool or service that is listening on that port and disable it. For example, if you have a web server running on port 80, you can stop the web server from closing that port.

‍

Configure firewalls

• Configure your firewalls to block all incoming traffic on unnecessary ports. This can help prevent malicious actors from accessing your system through these ports.

‍

Update software

• Keep all software and operating systems up to date to ensure that any vulnerabilities are patched. This can help prevent attackers from exploiting known vulnerabilities in outdated software.

‍

Use secure protocols

• Use secure protocols such as SSH and HTTPS when transmitting sensitive data over open ports. These protocols encrypt data transmitted over the network, making it more difficult for attackers to intercept and read sensitive data.

‍

By following this checklist, you can help secure the ports on your computer or network and protect against unauthorised access. It's important to regularly review your port configuration and update it as needed to ensure that your system remains secure.