Can Dogan
Technical Support Engineer
NNT - New Net Technologies

IT services rely on an individual port assigned to them in order to receive and transmit information. It’s therefore imperative that an organization keeps track of which ports are open within its IT environment, the function of each port, and which services it’s associated with.

Detecting and disabling unwanted ports is part of an ongoing hardening process. This control is specifically mandated by the NERC CIP requirements for the security of North America's bulk electric system and is also recommended by the Center for Internet Security (CIS) in the foundational control CIS Control 9: Limitation and Control of Network Ports, Protocols and Services.

In this blog, I’ll be highlighting why it’s important to track open ports, what dangers open ports present to your organization and how to track, control and correct open ports using NNT Change Tracker Gen7 R2.

Open Ports - A Vulnerability in Disguise

Open ports can become dangerous when the services behind them are exploited through security vulnerabilities, or when malicious services are launched into the system via malware. The services using the ports can be unpatched, misconfigured, and ultimately left vulnerable to potential exploits. Cybercriminals could leverage those services with open ports in order to steal sensitive company and customer data. Simply put, keeping unused ports shut reduces the level of security risk an organization is exposed to.

There are several solutions on the market that can help you achieve this, but in this example, I’ll demonstrate how to do so using NNT Change Tracker Gen7 R2. Change Tracker is a great tool to track open ports and protocols, with the ability to provide users with scan results listing all devices with their open protocols and ports. The results display as an event within Change Tracker which, when expanded, shows all the open ports on a server. Below is a screenshot of all the open ports on a server. With the information collected, users can investigate and determine whether those open ports are malicious in their environment.
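
As an added illustration (not part of the original post and not NNT's code), the same idea of listing open ports and checking them against what is expected can be sketched in Python: parse `netstat -ano` output, then compare the listeners with an approved baseline. The sample output, the `APPROVED` baseline and all function names are constructed for this example.

```python
import ipaddress
from collections import namedtuple

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address      Foreign Address    State        PID
  TCP    0.0.0.0:445        0.0.0.0:0          LISTENING    4
  TCP    0.0.0.0:8081       0.0.0.0:0          LISTENING    6120
  TCP    127.0.0.1:5939     0.0.0.0:0          LISTENING    2280
  TCP    10.0.0.5:49712     10.0.0.9:443       ESTABLISHED  3300
  TCP    [::]:445           [::]:0             LISTENING    4
  UDP    0.0.0.0:5353       *:*                             2044
"""
# Hypothetical approved baseline: (protocol, port) -> documented purpose.
APPROVED = {
    ("TCP", 445): "SMB file sharing",
    ("TCP", 5985): "WinRM management",
}
Listener = namedtuple("Listener", "proto port addr pid")

def parse_listeners(text):
    """Return listening TCP sockets and bound UDP sockets from netstat -ano text."""
    found = set()
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        if f[0] == "TCP" and f[3] != "LISTENING":
            continue  # established or closing connection, not a listener
        addr, _, port = f[1].rpartition(":")  # rpartition keeps "[::]" intact
        found.add(Listener(f[0], int(port), addr, int(f[-1])))
    return found

def loopback_only(listener):
    # True when the socket is bound to 127.0.0.0/8 or ::1, so not reachable remotely.
    return ipaddress.ip_address(listener.addr.strip("[]")).is_loopback

def audit(listeners, approved):
    """Return (undocumented listeners, approved ports that are not listening)."""
    seen = {(item.proto, item.port) for item in listeners}
    unexpected = sorted(i for i in listeners if (i.proto, i.port) not in approved)
    return unexpected, sorted(k for k in approved if k not in seen)

if __name__ == "__main__":
    unexpected, missing = audit(parse_listeners(SAMPLE_NETSTAT), APPROVED)
    for item in unexpected:
        scope = "loopback only" if loopback_only(item) else "network reachable"
        print(f"UNEXPECTED {item.proto}/{item.port} PID {item.pid} ({scope})")
    for proto, port in missing:
        print(f"NOT LISTENING {proto}/{port} ({APPROVED[(proto, port)]})")
```

The PID column is what ties an undocumented port back to a process and, from there, to the service that should be reviewed or disabled.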

How to Determine What Services to Disable

Did you know that Windows operating systems have over 200 services installed? As you may have guessed, determining which of these services can be safely disabled or removed in order to eliminate unwanted open ports without affecting the required functionality is not as simple as it seems.

Change Tracker can help your organization determine this using our CIS-Certified Compliance reports to demonstrate exactly which services need to be disabled or removed on your systems. As a CIS-certified vendor, NNT provides our customers with an extensive library of CIS-certified compliance reports for a wide variety of platforms, including Windows servers and desktops; Linux servers including Red Hat, CentOS, Ubuntu and Debian; databases such as SQL and Oracle; and many more.

With the CIS Benchmarks report, Change Tracker is able to investigate hundreds of system settings, including important services. If a setting matches the CIS guideline, it will be marked as Passed in the report; if the setting does not match, a Fail will be displayed. Should the setting fail, the report’s remediation text will clearly state instructions on how to secure the setting.

For example, the services-related rule seen below recommends that the Bluetooth Support Service be set to disabled. The rationale informs us that Bluetooth technology has inherent security risks and wireless Bluetooth traffic is not well encrypted, hence it should be disabled.

I ran a Windows compliance report against my system and found out that Bluetooth Support Service was not disabled, so the check has correctly been Failed. As a result, we can see remediation text on how to get this rule to Pass to help keep the system secured and up to CIS security standards.

Once I applied the remediation, I ran the same report again on Change Tracker to see if the rule had been set correctly. Below we can see a Pass mark, meaning that the Bluetooth Support Service has successfully been disabled, meeting the CIS security standards.

As mentioned earlier, a compliance report has hundreds of security rules within it. As a result, it can be very time-consuming to remediate all of the rules individually. Fortunately, NNT provides customers with CIS Build Kits that contain pre-configured group policies for Windows machines and a script for Linux servers that match the recommended configurations of the CIS Benchmarks.

Conclusion

In conclusion, open ports and unneeded services can significantly increase your organisation's risk of a data breach or an unwanted security incident. However, by performing regular port scans and continuously monitoring your hardened posture using tools like NNT Change Tracker, you’ll gain valuable insight and help reduce your attack surface. To learn more about open port hardening and how to get started, download our Security Control eGuide: Hardening Open Network Ports, Protocols and Services.
