Network ports are what computers use to communicate between one another. Each port has a numeric value between 1 and 65535, but some of those port numbers are standardized. For example, webservers typically run on port 80 and port 443. However, attackers also know what ports weak or vulnerable services typically run on as well. In this article, we’ll discuss closing those open ports that either don’t need to be open to the world or are used vulnerable services.
Note: The instructions provided here will not work in shared hosting environments. You’ll need to contact your provider if you’re using a shared host.
Detecting Open Ports
There are a few ways to detect open ports on a system. We’ll discuss three methods here.
Coalition Insureds have free access to BinaryEdge – an enterprise Internet scanning tool. Binary Edge makes this process simple. To check what data already exists about your IP address, simply log in to your BinaryEdge portal and enter your IP address into the Host screen, then click Search.
This action will return ports based on data already collected by BinaryEdge scans. You can also use BinaryEdge to perform an updated active scan.
Navigate to the Scan screen and select New Scan
2. Select Simple, give your scan job a title, enter the IP address, and select Submit
When the scan is complete, you’ll have a list of all open ports.
NMAP is an IT networking tool designed to look for open network ports. This is a technical application that should be used by engineers. After installing nmap, simply type nmap ipaddress from a remote network (to detect ports from the outside).
The open ports are listed in the output, along with the name of the service this port is most commonly related to.
Netstat is an internal command that will show open ports on a computer. This will show what ports are open on the computer/server, but not necessarily open to the Internet. To check which ports are open to the internet, you’ll want to use one of the previous methods. However, with the proper option, Netstat will show you what service is using a specific ports. Simply type netstat -nlp to see open ports and services.
Closing Network Ports
There are two primary methods for closing network ports: (1) Disabling the service or (2) Firewalling the service.
Disabling the Service
This is typically the most straightforward remediation when it’s possible. Services that don’t need to be running shouldn’t be running. This will vary by operating system but be sure that (1) you know the impact of disabling the service and (2) once disabled correctly, the service will remain disabled after reboot.
Firewalls should generally follow the rule of Deny-All-Permit-By-Exception (DAPE) principal. In general, you shouldn’t let any inbound connections to your network that you don’t specifically authorize. There are a few ways to do this:
Network Firewall Rules. Using your network firewall, remove all rules that allow inbound network access. This is specific to each firewall vendor, but generally an easy process. (Always backup your firewall configuration)
Disable UPNP on Firewall. Many consumer firewalls come with a feature called UPNP enabled. This feature allows computers on your network to automatically open network ports. This is dangerous in most business environments and should be disabled. (Note: This requires testing after enabling to make sure all your services still work as intended)
Enable Host-Based Firewall. Depending on your operating system, you’ll want to enable the firewall on your computer/server in the same way you would for a network firewall. In Windows, you can use the Windows Firewall and in Mac Firewall.
As a matter of best-practice, you want to enable BOTH a network firewall and a host-based firewall. This is called Defense in Depth, as it prevents a change in the network from inadvertently exposing the server (and vice-versa).
Enabling firewall rules will block external services – by design – and requires caution and testing. Please seek the advice of an IT professional if you are unsure of how to proceed.
For more information on this topic please reach out to us; We’re here to help!