Make sure your ports are covered!
By Robbie Adair, PS LIGHTWAVE Consultant:
In this data-driven and IoT world, businesses have to take network security very seriously, re-evaluating and checking their current policies and procedures often. There are many steps to set up and then maintain a secure network. First is obviously the physical security of the servers, cabling, and devices: who has access to them, where they are housed for protection against the elements, and how they are powered are some of the major items to be considered on the physical network. Second is the non-physical part of the network, the “unseen” structure that allows business to be conducted with the company's internal and external employees and clients. This non-physical side is where wrongly configured policies are most often found, and it is the side that needs the closest scrutiny, because the digital space is the most likely source of security breaches.
Firewalls, Services, and Ports, Oh My
On the non-physical part of the network, there are three basic parts to analyze – firewalls, services, and ports. Services run on computers and networks through ports, and firewalls are used to enforce security policies about which services are allowed to pass through which ports. The term “port” here refers to network ports: not the physical ones found on switches, but the virtual ports that are part of the Internet Protocol suite. There are many types of services, but some of the most common services used in business networks are:
- HTTP(S) – for web traffic
- SMTP – for email
- FTP – for transferring files
- DNS – for converting domain names to Internet addresses
- Telnet, SSH, RDP, & VNC – for remote access
The network administrator may need to set up port forwarding so that traffic for those ports passes through the firewall to the internal host where each service is configured and assigned. Port numbers relate to IP addresses the way telephone extensions relate to a company's main number. For example, a company may present a single main IP address to the outside world (say 203.0.113.10, a documentation address used here as a stand-in), but its services run on different ports: a website loads in a browser through port 80 (203.0.113.10:80) while email arrives through port 25 (203.0.113.10:25), both at the same time on the same address.
I’m Listening, Is Anybody Out There?
Ports And Ports, As Far As The Eye Can See…
Configuring ports may sound simple, since a port is either listening or it is not, but it gets a little more complex when you consider the number of ports to manage. There are 65,535 total ports, and 1,023 of those are considered well known and assigned to certain services. Standards for these assignments have been agreed upon since 1972; the Internet Assigned Numbers Authority (IANA), a subset of ICANN, now maintains the port/service registry, which can be viewed on its website, https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml.
As ports are opened for services, a good network administrator will make sure they follow those standards, so that communication between their network and the rest of the world is easier and more predictable.
Batten Down The Hatches, There Be Hackers
So, in the scheme of networks, ports are one of the easiest ways for hackers to breach a network. They count on the fact that many people are confused or even clueless about ports, and unfortunately, they are often correct. Here are some highly recommended steps network administrators can take to make sure their firewalls and network are prepared and configured properly:
- Regularly scan your network to see what ports are found open and listening.
- Check your firewall / network traffic logs to see what ports are being used.
- Close ports if you are unsure about them. You can always re-open them if they are needed.
- For larger companies or more advanced network administrators, learn about egress filtering (restricting which outbound traffic may leave the network) for more complex restrictions.
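The checks in the list above, together with the IANA port ranges described earlier, can be turned into a small audit script. The example below is added here and is not from the original article or from PS LIGHTWAVE: it classifies port numbers by IANA range, parses a constructed `ss -tlnp` style listing to find listening ports that are reachable from the network but not on an allowlist, and summarizes constructed firewall log lines to show which outbound destination ports are in use and which an egress filter would have blocked. The allowlists, the listing, and the log lines are all made up for the example; a real audit would feed in the output of `ss` and the firewall's own logs.

```python
"""Port-exposure audit over constructed sample data (added example, not the article's code)."""
from __future__ import annotations

import re
from collections import Counter

# Ports the business intends to expose, keyed by IANA service name.
# Constructed allowlist for this example; a real one comes from change-control records.
ALLOWED_LISTENING = {22: "ssh", 25: "smtp", 53: "domain", 80: "http", 443: "https"}

# Destination ports that outbound traffic is expected to use (constructed egress allowlist).
ALLOWED_EGRESS = {25, 53, 80, 443}


def iana_range(port: int) -> str:
    """Classify a port number into the IANA ranges: well-known, registered, or dynamic."""
    if not 0 <= port <= 65535:
        raise ValueError(f"invalid port {port}")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic"


# Constructed listing in the shape of `ss -tlnp` output (not captured from any real host).
SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       511     0.0.0.0:80           0.0.0.0:*          users:(("nginx",pid=1201,fd=6))
LISTEN  0       511     0.0.0.0:443          0.0.0.0:*          users:(("nginx",pid=1201,fd=7))
LISTEN  0       50      0.0.0.0:5900         0.0.0.0:*          users:(("x11vnc",pid=2210,fd=5))
LISTEN  0       128     127.0.0.1:3306       0.0.0.0:*          users:(("mysqld",pid=990,fd=21))
"""

LISTEN_RE = re.compile(r'^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+users:\(\("([^"]+)"')


def listening_ports(ss_text: str) -> list[tuple[str, int, str]]:
    """Parse (local address, port, process name) from ss-style LISTEN lines."""
    found = []
    for line in ss_text.splitlines():
        m = LISTEN_RE.match(line)
        if m:
            found.append((m.group(1), int(m.group(2)), m.group(3)))
    return found


def exposed_unexpected(ss_text: str) -> list[dict]:
    """Listening ports reachable from the network (not loopback-only) that are not allowlisted."""
    findings = []
    for addr, port, proc in listening_ports(ss_text):
        if addr.startswith("127.") or addr == "::1":
            continue  # bound to loopback only: not reachable from other hosts
        if port not in ALLOWED_LISTENING:
            findings.append({"port": port, "process": proc, "range": iana_range(port)})
    return findings


# Constructed firewall log lines in the shape of iptables LOG output for outbound traffic.
# Hosts are RFC 1918 / RFC 5737 example addresses; nothing here is from a real log.
FW_LOG = """\
Mar  3 10:01:12 fw kernel: [FW-OUT] IN=eth1 OUT=eth0 SRC=10.0.0.15 DST=203.0.113.9 PROTO=TCP SPT=51234 DPT=443
Mar  3 10:01:15 fw kernel: [FW-OUT] IN=eth1 OUT=eth0 SRC=10.0.0.15 DST=203.0.113.9 PROTO=TCP SPT=51235 DPT=443
Mar  3 10:02:01 fw kernel: [FW-OUT] IN=eth1 OUT=eth0 SRC=10.0.0.22 DST=198.51.100.4 PROTO=UDP SPT=40001 DPT=53
Mar  3 10:02:40 fw kernel: [FW-OUT] IN=eth1 OUT=eth0 SRC=10.0.0.31 DST=198.51.100.77 PROTO=TCP SPT=50321 DPT=6667
Mar  3 10:03:05 fw kernel: [FW-OUT] IN=eth1 OUT=eth0 SRC=10.0.0.31 DST=198.51.100.77 PROTO=TCP SPT=50322 DPT=6667
"""

FW_RE = re.compile(r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) SPT=\d+ DPT=(?P<dpt>\d+)")


def egress_port_usage(log_text: str) -> Counter:
    """Count outbound connections per destination port: the 'which ports are being used' check."""
    counts: Counter = Counter()
    for line in log_text.splitlines():
        m = FW_RE.search(line)
        if m:
            counts[int(m.group("dpt"))] += 1
    return counts


def egress_violations(log_text: str) -> set[tuple[str, int]]:
    """(internal source, destination port) pairs that an egress filter would have blocked."""
    bad = set()
    for line in log_text.splitlines():
        m = FW_RE.search(line)
        if m and int(m.group("dpt")) not in ALLOWED_EGRESS:
            bad.add((m.group("src"), int(m.group("dpt"))))
    return bad


if __name__ == "__main__":
    for f in exposed_unexpected(SS_OUTPUT):
        print(f"listening port {f['port']} ({f['range']}) owned by {f['process']} is not on the allowlist")
    for port, n in sorted(egress_port_usage(FW_LOG).items()):
        print(f"outbound DPT={port}: {n} connection(s)")
    for src, port in sorted(egress_violations(FW_LOG)):
        print(f"egress filter would block {src} -> port {port}")
```

On the constructed data the script reports the VNC listener on port 5900 as exposed and unexpected (the MySQL listener is ignored because it is bound to loopback only), and it shows that one internal host is repeatedly connecting outbound to port 6667, which is exactly the kind of traffic an egress filter built from the allowlist would stop. Closing the unexpected listener, or confirming it belongs to a sanctioned service and adding it to the allowlist, is the follow-up the article's third step calls for.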
Of course, network security is complex; there are more areas that need to be explored and learned, such as router settings, network gateways, and user/group permissions. But a clear understanding of the simple act of keeping unused ports closed is a major step in keeping a business network secure.