Optimize Security with Control of Network Ports, Protocols and Services

IT is security has become a top priority for any business or organization in today's digital landscape, where threats continue to evolve.

Continuing our series on The SANS Institute 20 Essential Security Controls, this week, we focus on a fundamental aspect of effective cybersecurity: the control of network ports, protocols, and services. This measure manages and controls network services to minimize potential entry points.

Understand what it means to control ports, protocols, and services. 

Ports, protocols, and services refer to the different connection points and rules that govern communication between devices on a given network. Each service or application uses specific ports to communicate.

For example, port 80 is commonly used for HTTP (HyperText Transfer Protocol) connections, while port 443 is used for HTTPS (HTTP Secure) connections.

Control of ports, protocols, and services involves controlling or restricting access to only those necessary for legitimate operations. We can achieve this by configuring firewalls, access control lists (ACLs), and other security tools to selectively block or allow inbound and outbound traffic.

Why is it important to monitor ports?

1. Reduce the attack surface

Limiting open ports and services reduces the potential attack surface, making it harder for cybercriminals to find exploitable vulnerabilities. You become more burdensome to cyberattacks.

2. Protect against known threats

By turning off non-essential services and closing unused ports, you reduce opportunities for attackers to target vulnerable services or become obsolete over time.

3. Improve compliance

By having a clear overview and controlling ports and services by the security policies in place in your organization, you comply with regulations regarding protecting sensitive data and privacy.

4. Optimize network performance

Eliminating unauthorized and non-essential traffic improves network performance by reducing congestion and increasing resource availability.

Have you identified your risk areas and what deserves your attention? Bradley & Rollins provides you with its recommendations and best practices!

Good practice 1

Identification and precise definition of essential services

Identify network services needed for critical business operations. This measure may include services such as email, web, databases, etc.

These controls help determine which services we need for critical business operations, who should access them, and for how long.

For that, it is necessary :

• Identify critical business services: Map business processes to identify essential services such as email, web, databases, etc.

• Regulate access and access durations: Apply the principle of least privilege to control access to services, granting only necessary privileges—set policies to manage temporary access securely.

• Continuously evaluate and monitor: Regularly re-evaluate essential services and access requirements to ensure they align with business objectives. Monitor activities for abuse or anomalies.

Good practice 2

Proper configuration of firewalls!

Firewalls play a crucial role in protecting networks against external threats. Here are some critical steps for an efficient setup:

• Effectively block unauthorized traffic: Configure firewalls to block any traffic considered unauthorized to ports and services categorized as non-essential. This measure limits potential entry points for attackers.

• Take a "deny-all, allow-specific" approach: A strict "deny-all, allow-specific" approach initially denies all traffic except that specifically allowed. This measure reduces the attack surface by only allowing necessary traffic.

• As the saying goes, "Prevention is better than cure!"» In our opinion, Proactive and anticipatory firewall configuration is essential. It is often more effective and ultimately much less costly to prevent attacks by actively blocking unauthorized access than to react once the cyberattack has occurred.

Good practice 3

Continuous and targeted monitoring

We recommend implementing continuous monitoring mechanisms to detect suspicious activity on authorized ports and services. This measure may include log analysis and the use of intrusion detection systems (IDS) and intrusion prevention systems (IPS). Bradley & Rollins also recommends implementing the 24/7 SOC service, allowing increased and permanent monitoring of sensitive company endpoints to protect the best company assets that cannot afford to be affected to ensure the smooth running of activities.

Good practice 4

Use of attack surface analysis software

Bradley & Rollins strongly recommend monitoring external ports with attack surface analysis software. This measure provides an additional layer of protection for all sensitive points.

For that we could recommend a solution like MavGate or Tenable.

In conclusion

Controlling network ports, protocols, and services is critical to an organization's overall security posture. By following best management and monitoring practices, you can reduce the risk of attacks and effectively protect your digital assets against ever-evolving online threats. It is also important to remember that each organization, depending on its size, sector of activity, and industry, presents different security challenges. Adopting a plan and a personalized approach for each person is essential.

Bradley & Rollins specializes in addressing security incidents. Do you have a question about one of the points covered in this article? Do not hesitate to ask via our contact form.