Who’s Listening? Securing Ports Within Your Network

Your house has several entrances: windows, doors, a garage, maybe even your roof. These openings to your home are used for different purposes. Your door is used for foot traffic, the garage for cars, and windows for contractors or burglars. Whatever the specific case, we expect certain types of activity at each entrance.

Computer applications and services operate in a similar fashion. A port is a numbered, virtual opening that tells a device which application should receive a given piece of network traffic. Nearly every network relies on ports to direct data to the application it is meant for. Returning to the comparison with a home, just as movers might enter through your front door, Microsoft Remote Desktop generally “enters” and “exits” through port 3389. On macOS, Secure Shell (SSH) is enabled via the “Remote Login” feature and runs over port 22. This service lets a remote computer log in to your device. If you don’t need it, it’s best to turn it off.

Unfortunately, we sometimes leave our doors unlocked or even open. Ports can likewise be open or closed, and this determines whether a service can be reached through them. As you’d expect, a closed port offers no service while an open port does. It is important to keep track of which ports are open and closed and what services are available through them. Devices often have many ports open by default, including ones that offer remote access. If you’re using a Windows device, use the Resource Monitor (reachable from Task Manager) to view network connections and open ports. There is no built-in app to monitor network connections on macOS since the Network Utility app was deprecated a few years ago. If you are comfortable with the command line, you can check which ports are open or “listening” for connections on your device by running the netstat command.

Connecting to unsafe networks, especially public Wi-Fi, increases the likelihood that your open ports will be exploited. Given the greater risk, users should be careful not only about what services their devices are running but also about which network they join. Open ports, especially those offering services on older devices, can be easily exploited on an untrusted network. File Transfer Protocol (FTP), which runs on port 21, is particularly vulnerable because it sends credentials and files unencrypted.

Security professionals can monitor network traffic for unexpected services using common ports, as well as the reverse: common services using unusual ports. They can also examine traffic for services being used by unusual devices and hosts, or for data being sent to suspicious destinations. Testing how an attacker could take advantage of your open ports is a useful exercise, whether done internally or by an external pentester.
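To make the netstat check described above concrete, here is an added example (not code from the original post or from IronNet): a small POSIX shell script that parses netstat -an style output and reports every listening TCP port that is not on an expected list, so remote-access and legacy services such as SSH, Remote Desktop and FTP stand out. The sample netstat output and the allowlist of expected ports are constructed assumptions for the example.

```shell
#!/bin/sh
# Constructed sample of `netstat -an` output. It mixes the macOS/BSD local-address
# style ("*.22", "127.0.0.1.631") with the Linux style ("0.0.0.0:3389") so the
# parser below handles both; the hosts and ports are made up for this example.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
tcp        0      0  0.0.0.0:3389           0.0.0.0:*              LISTEN
tcp        0      0  0.0.0.0:21             0.0.0.0:*              LISTEN
tcp        0      0  192.168.1.10:49152     93.184.216.34:443      ESTABLISHED
udp4       0      0  *.5353                 *.*'

# Read netstat output on stdin and print "port local_address" for every TCP
# socket in LISTEN state. The port is whatever follows the last "." or ":" in
# the local-address column, which works for both address styles (and IPv6 "::").
listening_ports() {
    awk '$NF == "LISTEN" {
        n = split($4, parts, /[.:]/)
        print parts[n], $4
    }'
}

# Ports this device is expected to expose (assumption for the example: only the
# CUPS printing service on the loopback address). Anything else that is
# listening gets reported so the owner can decide whether to turn it off.
EXPECTED_PORTS="631"

# Friendly names for the remote-access and legacy services the post calls out.
service_name() {
    case "$1" in
        21)   echo "FTP" ;;
        22)   echo "SSH / macOS Remote Login" ;;
        3389) echo "Microsoft Remote Desktop" ;;
        *)    echo "unknown service" ;;
    esac
}

# Read netstat output on stdin; print one line per listening port not in EXPECTED_PORTS.
report_unexpected() {
    listening_ports | while read -r port addr; do
        case " $EXPECTED_PORTS " in
            *" $port "*) continue ;;
        esac
        echo "UNEXPECTED: port $port ($(service_name "$port")) listening on $addr"
    done
}

# Run against the constructed sample; on a live system use: netstat -an | report_unexpected
printf '%s\n' "$SAMPLE_NETSTAT" | report_unexpected
```

The loopback-only CUPS port is deliberately allowlisted so that the report lists exactly the three services the post discusses.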


About IronNet
IronNet is dedicated to delivering the power of collective cybersecurity to defend companies, sectors, and nations. By uniting advanced technology with a team of experienced professionals, IronNet is committed to providing peace of mind in the digital world.