What are The Most Commonly Targeted Ports?


Understanding the most commonly targeted ports enables you to better protect these threat vectors. Once you know where to look, you can reconfigure the ports to mitigate data breach risks and better secure data.
The 2019 Data Breach Investigations Report, in its appendix, notes some of the most valuable ports that malicious actors use in targeted attacks:
·         cLDAP (389)
·         DNS (53)
·         NTP (123)
·         SSH (22)
·         Telnet (23)
·         HTTP (8080)
·         NetBIOS (445)
·         Dell Open Management
As with all research, the Data Breach Investigations Report provides limited information. While these ports may have been the most commonly targeted at the time of the research, malicious actors continuously evolve their threat methodologies, meaning that they target other ports as well.

Continuous cybersecurity monitoring for defense in depth

Continuously monitoring your cybersecurity controls with artificial intelligence/machine learning enables you to gain real-time visibility into new risks. Defense in depth is a cybersecurity controls model that incorporates multiple defensive practices layered over each other so that if one protective control fails, it has others to back it up. Unfortunately, without cybersecurity monitoring, you may struggle to implement a defense in depth strategy.

Suggestions for creating a defense in depth strategy for ports


As part of your defense in depth strategy that protects against attackers targeting ports, you should be continuously monitoring for:
  • ·         Unused open ports
  • ·         Host-based firewalls
  • ·         Network-based firewalls
  • ·         Port traffic filtering
  • ·         Strong passwords
  • ·         Access controls
  • ·         Penetration testing


While all of these suggestions seem simple, your interconnected IT infrastructure complicates them. For example, adding more devices increases the number of ports which in turn means you need to continuously scan for unused ports. Firewalls control the way information flows across your network, but they also lead to application visibility and control issues.

Comments

Post a Comment

Popular posts from this blog

Make Cybersecurity Your Employees’ New Year’s Resolution

Has your organization has taken the necessary steps to improve its cybersecurity posture for this year? Here are 6 strategies you can deploy throughout your company to strengthen its security for the rest of the year – and beyond. 1) Introduce training in the on-boarding process – and repeat once a quarter. A common mistake that companies make is only requiring employees to complete one security training session when they begin working. Regular training throughout the year is imperative to ensure that employees are consistently being aware of possible cyber-attacks. Interns, to mid-level managers, to senior executives should all be taking part in  the training . 2) Reward employees for safe and secure online practices.   There’s no better way to encourage your employees to make security a priority than an incentive. If they are being rewarded and acknowledged, that will not only increase their motivation but motivate colleagues as well. You can even s...
Read more

Cyber Threat Hunting

Threat hunting is the practice of proactively searching for cyber threats that are lurking undetected in a network.  Cyber threat hunting digs deep to find malicious actors in your environment that have slipped past your initial endpoint security defenses. After sneaking in, an attacker can stealthily remain in a network for months as they quietly collect data, look for confidential material, or obtain login credentials that will allow them to  move laterally across the environment . Once an adversary is successful in evading detection and an attack has penetrated an organization’s defenses, many organizations lack the advanced detection capabilities needed to stop the  advanced persistent threats  from remaining in the network. That’s why threat hunting is an essential component of any defense strategy. Threat Hunting Methodologies Threat hunters assume that adversaries are already in the system , and they initiate an investigation to find unusual b...
Read more

Test Your Response Plan to Prepare for Cyber Attack

The survey identified nine best practices that could keep the costs of a breach under $500,000 or even less than $100,000. These tasks include: Review and improve cyber monitoring practices regularly, formally, and strategically over time Regularly review connection activity on the network to ensure that security measures are working as intended Integrate security into the organization's goals and business capabilities Routinely and systematically investigate security incidents Put tools in place to provide feedback about security practices Increase security controls on high-value assets as necessary Integrate security technologies  Keep threat detection and blocking capabilities up to date Make it easy to determine the scope of a compromise, contain it, and remediate  The survey found that there is a tangible ROI in implementing a baseline patch policy. Forty-six percent of respondents were more concerned about unpatched vulnerabilities in this year's survey, ...
Read more