SANS Top 20 Critical IT Controls. #13: Control Network Ports, Protocols and Services

You may think that since you have secured your network through firewalls and intrusion prevention devices, you must be secure. Not so fast! Attackers are constantly on the prowl, looking for any server or service they can exploit in your network. For example, a poorly configured web or mail server can be identified with an unauthorized external network scan. It’s not uncommon for a software package to automatically install an Apache server, for example, without the administrator or installer being aware of the fact. A hacker can access those “orphan” services and expand the initial entry into something much larger.

SANS Critical Control #1 is about the need for an asset management system. You can use an up to date enterprise asset inventory to compare the services that are actively listening on your network with the services that you actually require. To control unauthorized and misconfigured services from running on your network, you must schedule port scanning tools to run regularly. For example, if an employee unintentionally (and without authorization) installs a service that listens on the network, the port scanning tool will identify that service.

Once the port scanning tool identifies an unauthorized service running on the network, it must send out an immediate alert to the system administrators or security personnel. The administrators can either disable that service or ensure that it is authorized through official change management procedures.

You must also adopt a deny rule by default on your host based firewalls or port filtering tools, so that only explicitly allowed service and ports are used. You must also ask your business units to justify the business use across the internal network on a quarterly basis. You must ensure that any temporary servers or services for projects that have been completed, are turned off through a periodic formal verification process.

One thought on “SANS Top 20 Critical IT Controls. #13: Control Network Ports, Protocols and Services

Leave a Comment

Your email address will not be published. Required fields are marked *


Contact Us

If you have an urgent question regarding your software licensing or a software audit, please contact Miro right away.

(732)738–8511 x1208
Use the chat box on the right

About Us

Miro is a leading global provider of software asset management services, specializing in license management, audit advisory, negotiation tactics, support management, and cloud services. We help our clients maximize ROI on their software license investments, stay in compliance, and minimize the impact of audits. Miro's performance guarantee promises that our long-tenured, diverse, and passionate team of expert analysts provides insightful and actionable advice to help our clients achieve the best possible outcomes.