One of the reasons business leaders struggle to understand cybersecurity risk is that the technical terminology often feels outside their wheelhouse. Organizational leaders understand the impact of data breaches but reading about how cybercriminals infiltrate networks can feel like listening to a different language. For example, a Distributed Denial of Service (DDoS) attack is when cybercriminals use botnets to send so much information to a network that it crashes, leading to downtime as well as potential infiltration. However, to mitigate the risk of these attacks, you need to understand what ports are, why cybercriminals use them, and how to secure risky open ports.
What are network ports?
Physical ports are the areas on a device that connect it to other hardware. For example, a USB-C, headphone jack, and HDMI connector are all physical ports that enable different devices to “talk” to each other electronically.
Network ports enable devices to talk to one another remotely over the internet, directing how information flows to a computer from the internet or another program. In other words, network ports are basically like gates that allow information to flow into a network. Using Transport Layer protocol such as Transmission Control Protocol (TCP) and User Diagram Protocol (UDP), devices can exchange data across the internet.
While these sound extremely technical, you probably already have some experience with them. For example, if you’ve ever set up a home router, you’ve likely seen the term TCP/IP or Dynamic Host Configuration Protocol (DHCP) which allows the device to talk to the internet.
The short answer? While the term “network ports” may sound technically intimidating, they basically act as a gateway for devices, programs, and networks to share information and talk to one another.
Why are network ports risky?
Open network ports enable organizations to adopt cloud strategies. Devices need to talk to systems, software, and networks as part of digital transformation. However, each port is technically a small gateway into an organization’s IT stack.
A good way to think about ports being risky or secure is to think about a fence around a house. Every fence has a gate. That gate can be locked or open. If you leave the gate open, then anyone can enter your yard and your house is at risk. If you lock the gate, only the right people can come into your yard, better securing your home.
Network ports work the same way. Although every IP address can have up to 65,353 different ports, most of them are named by number and know by cybercriminals. For example, the following is a list of known ports and the services they enable:
- Port 80 for web traffic (HTTP)
- Ports 20, 21 for File Transfer Protocol (FTP)
- Port 25 for Simple Mail Transfer Protocol (SMTP)
- Port 53 for Doman Name System (DNS)
- Port 110 for Post Office Protocol (POP3)
If you ever forwarded mail from one email address to another or set up an email address in a mail application, you have probably already seen either SMTP or POP3. These ports are how the email gets to a device.
Since like a fence gate around a house these ports are public-facing, cybercriminals often look to use them to get into networks. Just like a burglar tries to open unlocked gates, cybercriminals look to use open ports. Once they know what ports are open, they send a barrage of information to them using a botnet, or a large number of victim computers connected across the internet, similar to trying to squeeze 100 people through a fence gate. This traffic overwhelms the network and means it can no longer support business operations.
How to secure risky ports?
Just like understanding what makes a port risky can seem overly technical, so can securing them. However, similarly, security controls exist that make sense once someone explains them.
Identify open ports
You can’t secure what you don’t know needs to be secured. The first step to securing risky ports is scanning your IT stack, including applications and any network-connected devices, to learn what ports are open and whether the configurations are appropriate.
Understand port usage
Most organizations do not need to have every port on every IP address open. Many scanning tools used to detect open ports also supply information about whether the open ports are being used.
Know what services use ports
Different services will connect to different ports on your network. As part of understanding port usage, you want to learn what processes or protocols are using the port. If your system admin finds a process or protocol that she does not recognize, it might indicate a security vulnerability.
Close the riskiest ports
Both the SANS Intrusion Detection FAQ and the Internet Assigned Number Authority (IANA) offer information about what services use which ports and which ports cybercriminals target. With this information, you can better secure risky ports while leaving the ones necessary to business operations functional.
SecurityScorecard enables organizations to secure risky open ports
SecurityScorecard’s security ratings platform gives you an outside-in view of your IT ecosystem, including your network security. Our artificial intelligence (AI) and machine learning (ML) analytics scan your network for open access points, insecure or misconfigured SSL certificates, or database vulnerability that can lead to a DDoS attack.
Our easy-to-read A-F security ratings create a common language so that IT and business leaders can more purposefully understand, discuss, and mitigate cybersecurity risks across complex, interconnected IT ecosystems.
