Open Ports, Protocols and Services Hardening

System Hardening is the process of securing a system’s configuration and settings to reduce its vulnerability and the possibility of being compromised. This can be done by reducing the attack surface and attack vectors which attackers continuously try to exploit for purpose of malicious activity.

In order to be effective, it’s best to leverage a methodology and best practice approach that can help prioritize and provide a prescriptive guidance to hardening. The Center for Internet Security’s CIS Control #9 does just that for the management of ports, protocols, and services (PPS) on devices that are a part of your network.

The entwined relationship between services, protocols and ports is important to understand – you can’t have one without the others. NNT delivers a unique solution that addresses CIS Control #9 in addition to many of the other critical controls.

Download NNT's Guide to
Hardening Ports, Protocols & Services

This guide will help the reader to understand:

  • Why the control of open ports, protocols and services is an essential cybersecurity control
  • Which open ports and protocols are viewed as safe for any network, and which are considered unsafe?
  • How do you detect open ports and protocols on your network?
  • Port Monitoring: How to identify which services and applications are using which ports and protocols?
  • What to do if you need to remove open ports, protocols and/or services from your systems

"Attackers search for remotely accessible network services that are vulnerable to exploitation. Common examples include poorly configured web servers, mail servers, file and print services, and Domain Name System (DNS) servers installed by default on a variety of different device types, often without a business need for the given service. Many software packages automatically install services and turn them on as part of the installation of the main software package without informing a user or administrator that the services have been enabled. Attackers scan for such services and attempt to exploit these services, often attempting to exploit default user IDs and passwords or widely available exploitation code.” - CIS

CIS Controls Background

The CIS Controls have been formulated to provide clarity and guidance for the bewildering array of security tools and technology, security standards, training, certifications, vulnerability databases, guidance, best practices and compliance mandates. The goal is to answer the fundamental questions regarding security:


What are the most critical areas we need to address and how should an enterprise take the first step to mature their risk management program?


Rather than chase every new exceptional threat and neglect the fundamentals, how can we get on track with a roadmap of fundamentals and guidance to measure and improve?


Which defensive steps have the greatest value?

Most GRC standards outline the need for security best practices to be implemented, supported by strong processes and procedures. However, few if any provide any real detail on what is actually expected, recommended or proven to be effective. On the one hand, this generalized and non-prescriptive guidance is unavoidable since every organization is set-up differently. With varying levels of risk to consider, the appropriate level of cybersecurity defense measures and data protection will necessarily be different for everyone. However there is still a base-level of security practices that everyone should embrace and assimilate into their core IT operations, and this is where the CIS Controls really prove their value.

CIS Controls & NNT

cis controls basic

The first six CIS Controls (Basic) are the most critical to implement and manage. NNT’s products uniquely align with the requirements of these "Basic" controls by providing a suite of products that address each of the controls' requirements.

CIS Control #9 is focused on limiting the external attack surface of a system. NNT addresses potential vulnerability and risk by providing feature/functionality that specifically aligns with Limitation and Control of Network Ports, Protocols, and Services.

cis controls foundational

cis controls org

NNT rounds out its CIS Controls value add by delivering additional functionality that augments CIS Control 18 and 20.

Speak to a consultant to learn how NNT automates the CIS Controls - Contact Us

The Most Powerful & Reliable Cybersecurity Products

change tracker gen7r2 logo

Change Tracker Gen 7R2: Complete configuration and system integrity assurance combined with the most comprehensive and intelligent change control solution available.

FAST Cloud logo

Fast Cloud: Leverage the world’s largest whitelist repository to automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology)

vulnerability tracker logo

Vulnerability Tracker: The world’s only limitless and unrestricted vulnerability scanning solution with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

log tracker logo

Log Tracker: Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds

Next Steps

Are you ready to get started in securing your IT environment with
industry-approved foundational controls, intelligent change control and automation?

Contact Us

USA Offices

New Net Technologies LLC
4850 Tamiami Trail, Suite 301
Naples, Florida, 34103

New Net Technologies LLC
1175 Peachtree St NE
Atlanta, Georgia, 30361.

Tel: (844) 898-8358
[email protected]


UK Office

New Net Technologies Ltd
The Russell Building, West Common
Harpenden, Hertfordshire

Tel: 020 3917 4995
 [email protected]

SC Magazine Cybersecurity 500 CSGEA Winners 2021 CIS benchmarking SEWP Now Certified IBM Security
Copyright 2022, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.