Open Ports, Protocols and Services Hardening
System hardening is the process of securing a system’s configuration and settings to reduce its vulnerability and the possibility of being compromised. This is done by reducing the attack surface and the attack vectors that attackers continuously try to exploit for malicious activity.
To be effective, it’s best to leverage a methodology and best-practice approach that helps prioritize and provides prescriptive guidance for hardening. The Center for Internet Security’s CIS Control #9 does just that for the management of ports, protocols, and services (PPS) on devices that are part of your network.
The entwined relationship between services, protocols and ports is important to understand – you can’t have one without the others. NNT delivers a unique solution that addresses CIS Control #9 in addition to many of the other critical controls.
This guide will help the reader to understand:
- Why the control of open ports, protocols and services is an essential cybersecurity control
- Which open ports and protocols are viewed as safe for any network, and which are considered unsafe?
- How do you detect open ports and protocols on your network?
- Port Monitoring: How to identify which services and applications are using which ports and protocols?
- What to do if you need to remove open ports, protocols and/or services from your systems
"Attackers search for remotely accessible network services that are vulnerable to exploitation. Common examples include poorly configured web servers, mail servers, file and print services, and Domain Name System (DNS) servers installed by default on a variety of different device types, often without a business need for the given service. Many software packages automatically install services and turn them on as part of the installation of the main software package without informing a user or administrator that the services have been enabled. Attackers scan for such services and attempt to exploit these services, often attempting to exploit default user IDs and passwords or widely available exploitation code." - CIS
The CIS Controls have been formulated to provide clarity and guidance for the bewildering array of security tools and technology, security standards, training, certifications, vulnerability databases, guidance, best practices and compliance mandates. The goal is to answer the fundamental questions regarding security:
- What are the most critical areas we need to address and how should an enterprise take the first step to mature their risk management program?
- Rather than chase every new exceptional threat and neglect the fundamentals, how can we get on track with a roadmap of fundamentals and guidance to measure and improve?
- Which defensive steps have the greatest value?
Most GRC standards outline the need for security best practices to be implemented, supported by strong processes and procedures. However, few if any provide real detail on what is actually expected, recommended or proven to be effective. On the one hand, this generalized and non-prescriptive guidance is unavoidable, since every organization is set up differently. With varying levels of risk to consider, the appropriate level of cybersecurity defense measures and data protection will necessarily be different for everyone. However, there is still a base level of security practices that everyone should embrace and assimilate into their core IT operations, and this is where the CIS Controls really prove their value.
The first six CIS Controls (Basic) are the most critical to implement and manage. NNT’s products uniquely align with the requirements of these "Basic" controls by providing a suite of products that address each of the controls' requirements.
CIS Control #9 is focused on limiting the external attack surface of a system. NNT addresses potential vulnerability and risk by providing functionality that specifically aligns with Limitation and Control of Network Ports, Protocols, and Services.
NNT rounds out its CIS Controls value-add by delivering additional functionality that augments CIS Controls 18 and 20.
Change Tracker Gen 7R2: Complete configuration and system integrity assurance combined with the most comprehensive and intelligent change control solution available.
Fast Cloud: Leverage the world’s largest whitelist repository to automatically evaluate and verify the authenticity of file changes in real time with NNT FAST™ (File Approved-Safe Technology).
Vulnerability Tracker: The world’s only limitless and unrestricted vulnerability scanning solution with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.
Log Tracker: Comprehensive and easy-to-use security information and event log management with intelligent, self-learning correlation technology to highlight potentially harmful activity in seconds.