URL: https://blog.netwrix.com/2022/08/04/open-port-vulnerabilities-list/
OPEN PORT VULNERABILITIES LIST



Dirk Schrader
Published: August 4, 2022
Updated: March 17, 2023

Insufficiently protected open ports can put your IT environment at serious risk.
Threat actors often seek to exploit open ports and their applications through
spoofing, credential sniffing and other techniques. For example, in 2017,
cybercriminals spread WannaCry ransomware by exploiting an SMB vulnerability on
port 445. Other examples include the ongoing campaigns targeting Microsoft’s
Remote Desktop Protocol (RDP) service running on port 3389.

Read on to learn more about the security risks linked to ports, vulnerable ports
that need your attention and ways to enhance the security of open ports.


A REFRESHER ON PORTS

Ports are logical constructs that identify a specific type of network service.
Each port is linked to a specific protocol, program or service, and has a port
number for identification purposes. For instance, secured Hypertext Transfer
Protocol (HTTPS) messages always go to port 443 on the server side, while port
1194 is exclusively for OpenVPN.

The most common transport protocols that have port numbers are Transmission
Control Protocol (TCP) and User Datagram Protocol (UDP). TCP is a
connection-oriented protocol with built-in re-transmission and error recovery.
UDP is a connectionless protocol that doesn’t recover or correct errors in
messages; it’s faster and has less network overhead traffic than TCP. Both TCP
and UDP sit at the transport layer of the TCP/IP stack and use the IP protocol
to address and route data on the internet. Software and services are designed to
use TCP or UDP, depending on their requirements.

TCP and UDP ports are in one of these three states:

 * Open — The port responds to connection requests.
 * Closed — The port is unreachable, indicating that there is no corresponding
   service running.
 * Filtered — The firewall is monitoring traffic and blocking certain connection
   requests to the port.


SECURITY RISKS LINKED TO PORTS

Numerous incidents have demonstrated that open ports are most vulnerable to
attack when the services listening on them are unpatched, insufficiently
protected or misconfigured, which can lead to compromised systems and networks.
In these cases, threat actors can use open ports to perform various cyberattacks
that exploit the lack of authentication mechanisms in the TCP and UDP protocols.
One common example is spoofing, where a malicious actor impersonates a system or
a service and sends malicious packets, often in combination with IP spoofing and
man-in-the-middle attacks. The campaign against RDP Pipe Plumbing is one of the
latest to employ such a tactic. In addition, ports that have been opened on
purpose (for instance, on a web server) can be attacked via that port using
application-layer attacks such as SQL injection, cross-site request forgery and
directory traversal.

Another common technique is the denial of service (DoS) attack, most frequently
used in the form of distributed denial of service (DDoS), where attackers send
massive numbers of connection requests from various machines to the service on
the target in order to deplete its resources.


VULNERABLE PORTS THAT NEED YOUR ATTENTION

Any port can be targeted by threat actors, but some are more likely to fall prey
to cyberattacks because they commonly have serious shortcomings, such as
application vulnerabilities, lack of two-factor authentication and weak
credentials.

Here are the most vulnerable ports regularly used in attacks:


PORTS 20 AND 21 (FTP)

Port 20 and (mainly) port 21 are File Transfer Protocol (FTP) ports that let
users send and receive files from servers.

FTP is known for being outdated and insecure. As such, attackers frequently
exploit it through:

 * Brute-forcing passwords
 * Anonymous authentication (it’s possible to log into the FTP port with
   “anonymous” as the username and password)
 * Cross-site scripting
 * Directory traversal attacks


PORT 22 (SSH)

Port 22 is for Secure Shell (SSH). It’s a TCP port for ensuring secure access to
servers. Hackers can exploit port 22 by using leaked SSH keys or brute-forcing
credentials.


PORT 23 (TELNET)

Port 23 is the TCP port for Telnet, a protocol that connects users to remote
computers. For the most part, Telnet has been superseded by SSH, but it’s still
used by some websites.
Since it’s outdated and insecure, it’s vulnerable to many attacks, including
credential brute-forcing, spoofing and credential sniffing.


PORT 25 (SMTP)

Port 25 is a Simple Mail Transfer Protocol (SMTP) port for receiving and sending
emails. Without proper configuration and protection, this TCP port is vulnerable
to spoofing and spamming.


PORT 53 (DNS)

Port 53 is for Domain Name System (DNS). It’s a UDP and TCP port for queries and
transfers, respectively. This port is particularly vulnerable to DDoS attacks.


PORTS 137 AND 139 (NETBIOS OVER TCP) AND 445 (SMB)

Server Message Block (SMB) uses port 445 directly and ports 137 and 139
indirectly. Cybercriminals can exploit these ports through:

 * Using the EternalBlue exploit, which takes advantage of SMBv1 vulnerabilities
   in older versions of Microsoft computers (hackers used EternalBlue on the SMB
   port to spread WannaCry ransomware in 2017)
 * Capturing NTLM hashes
 * Brute-forcing SMB login credentials


PORTS 80, 443, 8080 AND 8443 (HTTP AND HTTPS)

HTTP and HTTPS are the hottest protocols on the internet, so they’re often
targeted by attackers. They’re especially vulnerable to cross-site scripting,
SQL injections, cross-site request forgeries and DDoS attacks.


PORTS 1433, 1434 AND 3306 (USED BY DATABASES)

These are the default ports for SQL Server and MySQL. They are used to
distribute malware or are directly attacked in DDoS scenarios. Quite often,
attackers probe these ports to find unprotected databases with exploitable
default configurations.


PORT 3389 (REMOTE DESKTOP)

This port is used in conjunction with various vulnerabilities in remote desktop
protocols and to probe for leaked or weak user authentication. Remote desktop
vulnerabilities are currently the most-used attack type; one example is the
BlueKeep vulnerability.


TIPS FOR STRENGTHENING THE SECURITY OF OPEN PORTS

Luckily, there are ways to enhance the security of open ports. We highly
recommend the following six strategies:


1. PATCH FIREWALLS REGULARLY.

Your firewall is the gatekeeper to all the other systems and services in your
network. Patching keeps your firewalls up to date and repairs vulnerabilities
and flaws in your firewall system that cybercriminals could use to gain full
access to your systems and data.


2. CHECK PORTS REGULARLY.

You should also regularly scan and check your ports. There are three main ways
to do this:

 * Command-line tools — If you have the time to scan and check ports manually,
   use command-line tools to spot and scan open ports. Examples include Netstat
   and Network Mapper, both of which can be installed on a wide range of
   operating systems, including Windows and Linux.
 * Port scanners — If you want faster results, consider using a port scanner.
   It’s a computer program that checks if ports are open, closed or filtered.
   The process is simple: The scanner transmits a network request to connect to
   a specific port and captures the response.
 * Vulnerability scanning tools — Solutions of this type can also be used to
   discover ports that are open or configured with default passwords.
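
As an added example (not part of the original article), the manual Netstat check above can be turned into a repeatable audit that flags listeners on the ports this article lists when they are bound to a non-loopback address. The sample output is constructed, and the function names and the `allowed` parameter are assumptions for illustration.

```python
import ipaddress
import re

# Ports and labels from the article's list of commonly attacked ports.
RISKY_PORTS = {20: "FTP", 21: "FTP", 22: "SSH", 23: "Telnet", 25: "SMTP",
               53: "DNS", 137: "NetBIOS", 139: "NetBIOS", 445: "SMB",
               80: "HTTP/HTTPS", 443: "HTTP/HTTPS", 8080: "HTTP/HTTPS",
               8443: "HTTP/HTTPS", 1433: "SQL Server", 1434: "SQL Server",
               3306: "MySQL", 3389: "Remote Desktop"}
ADDR = re.compile(r"^(.*):(\d+)$")  # greedy, so ":::445" splits as "::" and 445

# Constructed sample: Linux `netstat -an` lines, then two Windows-style lines.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address    Foreign Address   State
tcp        0      0 0.0.0.0:22       0.0.0.0:*         LISTEN
tcp        0      0 127.0.0.1:3306   0.0.0.0:*         LISTEN
tcp        0      0 0.0.0.0:443      0.0.0.0:*         LISTEN
tcp6       0      0 :::445           :::*              LISTEN
tcp        0      0 10.0.0.5:22      10.0.0.9:51544    ESTABLISHED
udp        0      0 0.0.0.0:68       0.0.0.0:*
  TCP    [::]:3389     [::]:0     LISTENING
  UDP    0.0.0.0:137   *:*
"""

def is_loopback(host):
    try:
        return ipaddress.ip_address(host.split("%")[0]).is_loopback
    except ValueError:
        return False  # "*" or a hostname: assume it is reachable from outside

def listeners(text):
    """Yield (proto, host, port) for every listening socket in netstat output."""
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or not tokens[0].lower().startswith(("tcp", "udp")):
            continue  # header or unrelated line
        proto = tokens[0].lower()[:3]  # tcp6/udp6 fold into tcp/udp
        listening = any(t.startswith("LISTEN") for t in tokens)
        if (proto == "tcp" and not listening) or "ESTABLISHED" in tokens:
            continue  # an active connection, not a listener
        match = next((m for m in map(ADDR.match, tokens[1:]) if m), None)
        if match:  # first addr:port token is the local address
            yield proto, match.group(1).strip("[]"), int(match.group(2))

def audit(text, allowed=frozenset()):
    """Return sorted (port, proto, host, service) findings not in `allowed`."""
    return sorted({(port, proto, host, RISKY_PORTS[port])
                   for proto, host, port in listeners(text)
                   if port in RISKY_PORTS and not is_loopback(host)
                   and (proto, port) not in allowed})
```

Calling `audit(SAMPLE, allowed={("tcp", 443)})` reports the exposed SSH, NetBIOS, SMB and Remote Desktop listeners while skipping the loopback-only MySQL instance and the approved HTTPS port.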

3. TRACK SERVICE CONFIGURATION CHANGES.

Many services on your network connect to various ports, so it is important to
monitor the running states of installed services and continuously track changes
to service configuration settings. Services can be vulnerable when they are
unpatched or misconfigured.

Using Netwrix Change Tracker, you can harden your systems by tracking
unauthorized changes and other suspicious activities. In particular, it provides
the following functionality:

 * Actionable alerting about configuration changes
 * Automatic recording, analyzing, validating and verifying of every change
 * Real-time change monitoring
 * Constant application vulnerability monitoring


4. USE IDS AND IPS TOOLS.

Intrusion detection systems (IDS) and intrusion prevention systems (IPS) can
help you prevent attackers from exploiting your ports. They monitor your
network, spot possible cybersecurity incidents, log information about them and
report the incidents to security administrators. IPS complements your firewalls
by identifying suspicious incoming traffic and logging and blocking the attack.


5. USE SSH KEYS.

Another option is to use SSH keys. These access credentials are more secure than
passwords because decrypting SSH is very difficult, if not impossible. There are
two types of SSH keys:

 * Private or identity keys, which identify users and give them access
 * Public or authorized keys, which determine who can access your system

You can use public-key cryptographic algorithms and key generation tools to
create SSH keys.


6. CONDUCT PENETRATION TESTS AND VULNERABILITY ASSESSMENTS.

Consider conducting penetration tests and vulnerability assessments to protect
your ports. Although both of these techniques are used to spot vulnerabilities
in IT infrastructure, they are quite different. Vulnerability scans only
identify and report vulnerabilities, while penetration tests exploit security
gaps to determine how attackers can gain unauthorized access to your system.


FAQS

What is an open port vulnerability?

An open port vulnerability is a security gap caused by an open port. Without
proper configuration and protection, attackers can use open ports to access your
systems and data.

Which ports are most vulnerable?

Certain ports and their applications are more likely to be targeted because they
often have weaker credentials and defenses. Common vulnerable ports include:

 * FTP (20, 21)
 * SSH (22)
 * Telnet (23)
 * SMTP (25)
 * DNS (53)
 * NetBIOS over TCP (137, 139)
 * SMB (445)
 * HTTP and HTTPS (80, 443, 8080, 8443)
 * Ports 1433, 1434 and 3306
 * Remote desktop (3389)

Is port 80 a security risk?

Port 80 isn’t inherently a security risk. However, if you leave it open and
don’t have the proper configurations in place, attackers can easily use it to
access your systems and data. Unlike port 443 (HTTPS), port 80 is unencrypted,
making it easy for cybercriminals to access, leak and tamper with sensitive
data.

Dirk Schrader
Dirk Schrader is a Resident CISO (EMEA) and VP of Security Research at Netwrix.
A 25-year veteran in IT security with certifications as CISSP (ISC²) and CISM
(ISACA), he works to advance cyber resilience as a modern approach to tackling
cyber threats. Dirk has worked on cybersecurity projects around the globe,
starting in technical and support roles at the beginning of his career and then
moving into sales, marketing and product management positions at both large
multinational corporations and small startups. He has published numerous
articles about the need to address change and vulnerability management to
achieve cyber resilience.