Posted on Oct 21, 2020
One of the reasons business leaders struggle to understand cybersecurity risk is that the technical terminology often feels outside their wheelhouse. Organizational leaders understand the impact of data breaches but reading about how cybercriminals infiltrate networks can feel like listening to a different language. For example, a Distributed Denial of Service (DDoS) attack is when cybercriminals use botnets to send so much information to a network that it crashes, leading to downtime as well as potential infiltration. However, to mitigate the risk of these attacks, you need to understand what ports are, why cybercriminals use them, and how to secure risky open ports.
Physical ports are the areas on a device that connect it to other hardware. For example, a USB-C, headphone jack, and HDMI connector are all physical ports that enable different devices to “talk” to each other electronically.
Network ports enable devices to talk to one another remotely over the internet, directing how information flows to a computer from the internet or another program. In other words, network ports are basically like gates that allow information to flow into a network. Using Transport Layer protocol such as Transmission Control Protocol (TCP) and User Diagram Protocol (UDP), devices can exchange data across the internet.
While these sound extremely technical, you probably already have some experience with them. For example, if you’ve ever set up a home router, you’ve likely seen the term TCP/IP or Dynamic Host Configuration Protocol (DHCP) which allows the device to talk to the internet.
The short answer? While the term “network ports” may sound technically intimidating, they basically act as a gateway for devices, programs, and networks to share information and talk to one another.
Open network ports enable organizations to adopt cloud strategies. Devices need to talk to systems, software, and networks as part of digital transformation. However, each port is technically a small gateway into an organization’s IT stack.
A good way to think about ports being risky or secure is to think about a fence around a house. Every fence has a gate. That gate can be locked or open. If you leave the gate open, then anyone can enter your yard and your house is at risk. If you lock the gate, only the right people can come into your yard, better securing your home.
Network ports work the same way. Although every IP address can have up to 65,353 different ports, most of them are named by number and know by cybercriminals. For example, the following is a list of known ports and the services they enable:
If you ever forwarded mail from one email address to another or set up an email address in a mail application, you have probably already seen either SMTP or POP3. These ports are how the email gets to a device.
Since like a fence gate around a house these ports are public-facing, cybercriminals often look to use them to get into networks. Just like a burglar tries to open unlocked gates, cybercriminals look to use open ports. Once they know what ports are open, they send a barrage of information to them using a botnet, or a large number of victim computers connected across the internet, similar to trying to squeeze 100 people through a fence gate. This traffic overwhelms the network and means it can no longer support business operations.
Just like understanding what makes a port risky can seem overly technical, so can securing them. However, similarly, security controls exist that make sense once someone explains them.
You can’t secure what you don’t know needs to be secured. The first step to securing risky ports is scanning your IT stack, including applications and any network-connected devices, to learn what ports are open and whether the configurations are appropriate.
Most organizations do not need to have every port on every IP address open. Many scanning tools used to detect open ports also supply information about whether the open ports are being used.
Different services will connect to different ports on your network. As part of understanding port usage, you want to learn what processes or protocols are using the port. If your system admin finds a process or protocol that she does not recognize, it might indicate a security vulnerability.
Both the SANS Intrusion Detection FAQ and the Internet Assigned Number Authority (IANA) offer information about what services use which ports and which ports cybercriminals target. With this information, you can better secure risky ports while leaving the ones necessary to business operations functional.
SecurityScorecard’s security ratings platform gives you an outside-in view of your IT ecosystem, including your network security. Our artificial intelligence (AI) and machine learning (ML) analytics scan your network for open access points, insecure or misconfigured SSL certificates, or database vulnerability that can lead to a DDoS attack.
Our easy-to-read A-F security ratings create a common language so that IT and business leaders can more purposefully understand, discuss, and mitigate cybersecurity risks across complex, interconnected IT ecosystems.
Check out our list of 3 top third party risk management (TPRM) challenges, and the actions you can take to bolster your program. Learn more.
Performing cybersecurity risk assessments is a key part of any organization’s information security management program. Read our guide.
Templates and vendor evaluations are needed to level that playing field, in a time efficient and fair way, so that the best vendors are chosen.
Co-founder and CEO, Alex Yampolskiy, speaks about the importance of measuring and acting on key indicators of cybersecurity risk.
You’ve invested in cybersecurity, but are you tracking your efforts? Check out our list of 20 cybersecurity KPIs you should track. Read more.
No waiting, 100% Free
Get your free scorecard and learn how you stack up across 10 risk categories. Answer a few simple questions and we'll instantly send your score to your business email.