In Information Technology, the term port refers to an access point for transferring data. However, the software port can have different purposes and mostly corresponds to the Internet protocols TCP and UDP, which have different particularities.
In this article, we discuss secure and insecure ports and show how you can secure these access points. Follow!
In the area of Information Technology there are several terms and nomenclatures. Among them, we highlight the ports, which can be software or hardware. These ports are comprised of important protocols that perform various functions such as I/O processing and data transfer.
In practice, there is a large number of ports, characterized by their functions and a number, which allows classifying them between the protocols that make up UDP and TCP.
In this article, we cover secure and unsecured ports and how to secure them. To make your reading more enjoyable, we have divided our text into the following topics:
1. What are network ports?
2. What are risky network ports?
3. What is the most secure port?
4. Is port 443 a security risk?
5. Is port 8080 vulnerable?
6. How to secure insecure ports ?
7. How to detect open ports on the network?
8. How to ensure port security?
9. About senhasegura
10. Conclusion
1. What are network ports?
Physical ports allow connection between different devices such as headphones, USB-C and HDMI connector. Network ports, on the other hand, allow remote connection between devices, directing information to a computer via the internet.
In practice, network ports allow devices to exchange data over the Internet using transport layer protocols such as Transmission Control Protocol (TCP) and User Diagram Protocol (UDP).
While this is a complex topic, most people have had some experience with network ports, for example when configuring a home router.
In short, they act as a gateway for devices, programs, and networks to share information with each other.
2. What are risky network ports?
These are the ports most targeted by attackers:
- Ports 137 and 139 (NetBIOS over TCP) and 445 (SMB)
- Port 22 (SSH)
- Port 53 (DNS)
- Port 25 (SMTP)
- Port 3389 (remote desktop)
- Ports 80, 443, 8080 and 8443 (HTTP and HTTPS)
- Ports 20 and 21 (FTP)
- Port 23 (Telnet)
- Ports 1433, 1434 and 3306 (used by databases)
Check each one out in detail:
- Ports 137 and 139 (NetBIOS over TCP) and 445 (SMB)
Server Message Block uses ports 137 and 139 indirectly and port 445 directly. Hackers can exploit these ports using the EternalBlue exploit through SMBv1 vulnerabilities in Microsoft computers, capturing NTLM hashes, or using brute force SMB login credentials.
- Port 22 (SSH)
Port 22 is a TCP port, which can be exploited by attackers using brute force credentials or leaked SSH keys.
- Port 53 (DNS)
Port 53 is a UDP and TCP port for queries and transfers vulnerable to DDoS attacks.
- Port 25 (SMTP)
This port is used to receive and send emails. Without the right configuration and protection, it becomes vulnerable to spam and spoofing.
- Port 3389 (Remote Desktop)
This port is used by hackers to probe for leaked or weak user authentication. The most commonly used type of attack involves remote desktop vulnerabilities.
- Ports 80, 443, 8080 and 8443 (HTTP and HTTPS)
As the most popular internet protocols, HTTP and HTTPS tend to be targeted by malicious actors. Their actions often involve SQL injections, cross-site scripting, DDoS attacks, and request forgery.
- Ports 20 and 21 (FTP)
Port 20 and port 21 allow users to send and receive files from servers. These are outdated and insecure FTP ports that can encourage brute-force password attacks, cross-site scripting, anonymous authentication, and directory traversal attacks.
- Port 23 (Telnet)
Port 23 is known for connecting users to remote computers. In most cases, Telnet has been replaced by SSH, but some websites still use it. Being outdated, it can facilitate attacks such as brute force of credentials, forgery and detection of access data.
- Ports 1433, 1434 and 3306
These ports are used in DDoS attacks or to spread malware. Hackers often probe these ports to find unprotected databases and exploit them.
3. What is the most secure port?
No port is completely secure, and what determines the risk is how it is managed. The protocol used to communicate through a port, service or application needs constant security updates and timely bug fixes.
4. Is port 443 a security risk?
As we mentioned earlier, port 443 is part of the HTTPS protocol, being one of the paths that allow access to data packets. This port is vulnerable to SQL injections, cross-site scripting, DDoS attacks, and cross-site request forgery.
5. Is port 8080 vulnerable?
Like port 443, port 8080 is also vulnerable to SQL injections, cross-site scripting, DDoS attacks, and cross-site request forgery.
6. How to secure insecure ports
If your goal is to secure open ports, the first thing to do is use ports that encrypt traffic to make it harder for hackers to access sensitive data.
It is also necessary to define when to keep a port open, as the more ports open, the greater the attack surface and the risk of compromise due to factors such as failures and misconfigurations.
Open ports must be protected by a modern firewall or other device that allows filtering the traffic that connects to them, ensuring that the communication is valid and preventing malicious actions.
In addition, they must be segmented. Thus, if a hacker compromises the open network port, it will be possible to contain their actions.
Enterprises should also protect passwords used to authenticate services at the ports, never use clear text protocols, and always adopt strong password policies to avoid credential compromise.
Finally, it is imperative to make sure that the technologies that listen and respond on the open port are patched and that security updates have been performed. This is because malicious actors tend to look for vulnerabilities to compromise an open port.
7. How to detect open ports on the network?
As you’ve seen, cybercriminals find many ways to exploit open ports. The good news is that you can detect open ports on your network through port scanning.
From this feature, it is possible to identify which ports are open in a given network, being vulnerable to sending and receiving data. It is also possible to send packets to certain ports and detect vulnerabilities by analyzing the responses.
There are different ways to find vulnerabilities in a network, among them we can highlight:
- Use command line tools capable of showing all active TCP connections on your computer, including open ports. These features include Netstat and Network Mapper or Nmap.
- Using computer programs known as port scanners, which identify whether ports are open, closed, or filtered. In practice, a port scanner is able to broadcast a network request to connect to a given port, capturing its response later.
- Use vulnerability scanners, which make it possible to detect ports configured with a standard or open password.
8. How to ensure the security of the ports?
Here are some tips to ensure door security:
- Perform port scanning regularly to catch problems as soon as they arise. Regular monitoring will still let you know which ports are most vulnerable to cyberattacks.
- Prioritize monitoring services, which allow you to gather details of the running states of installed programs and track changes in service configurations, which are vulnerable when not properly configured.
- Disable ports you are not using to protect your data from malicious actors.
- Perform port traffic filtering to block or allow incoming and outgoing packets on your network based on their port number. This can prevent cyberattacks related to certain ports. However, many organizations use traffic filtering only for the most frequently vulnerable ports.
- Install firewalls on hosts and patch them regularly to prevent hackers from using your ports to access data.
- Monitor open port vulnerabilities through penetration tests and assessments that allow you to identify which software or devices have opened ports and test all known insecurities.
9. About senhasegura
We at senhasegura are part of the MT4 technology group, founded in 2001 to operate in the area of information security. We serve organizations in more than 50 countries, offering an excellent and internationally recognized service.
We believe in the importance of digital sovereignty and our main commitment is to guarantee this right to the companies that hire us.
Therefore, we work to prevent theft and leakage of information and the traceability of devices, databases, network administrators and servers.
In addition, we seek compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.
Our goals are:
- Perform automatic audits of privilege usage
- Provide more productivity to organizations, preventing their operations from being interrupted due to expiration
- Provide advanced PAM features
- Automatically audit privileged changes to identify abuse
- Reduce risks quickly
- Ensure customer satisfaction through successful deployments
10. Conclusion
In this article, you saw that:
- Ports are composed of important protocols that perform various functions, such as I/O processing and data transfer
- Physical ports allow connection between different devices, such as headphones
- Network ports allow remote connection between devices
- They act as a gateway for devices, programs, and networks to share information with each other
- Ports most targeted by attackers include ports 443 and 8080 (HTTP and HTTPS)
- No port is 100% secure and what determines the risk of a port is the way it is managed
- To protect open ports, it is essential to use ports that encrypt traffic in order to make it difficult for hackers to access sensitive information
- It is also important to define when to keep a port open, since the more ports open, the greater the attack surface
- You can detect open ports on your network through port scanning
- There are different ways to find vulnerabilities in a network, among them: using command line tools, port scanners and vulnerability scanners
- To ensure port security, it is recommended to perform port scanning regularly, prioritize monitoring services, disable ports that are not being used, and perform port traffic filtering in order to block or allow incoming and outgoing packets on the network
- It is also essential to install firewalls on hosts and patch firewalls regularly, and to monitor open port vulnerabilities through penetration testing and vulnerability assessments
Source: senhasegura-Blog
Sie haben Fragen? Ihr Ansprechpartner für D/A/CH
Do you have any questions? Your contact person for D/A/CH
