Helping Businesses Understand Open Ports

You may have heard about ports in network security, and specifically open and closed ports. Without a level of knowledge in this area, businesses may not understand what ports are and what purpose they have. Furthermore, a lack of understanding can mean the associated cybersecurity risks with ports are not fully appreciated.  

This article will seek to help businesses understand ports, what it means for ports to be open or closed, and the risks associated with unnecessarily leaving ports open. 

What are ports? 

Ports are foundational to communication over the internet. They allow information to flow over the internet and enable devices, programs and networks to talk to each other.  

Everything that communicates via the internet has its own designated IP address, and each address has two kinds of ports, UDP (User Diagram Protocol) and TCP (Transmission Control Protocol). Each IP address has up to 65,535 different ports. 

Ports act like gates to a network and can either be open or closed. Certain ports have designated functions, and there are some which must be open in order for internet-connected services to function. 

Ports can only operate one service at a time and trying to use a port that is already setup to perform a different function will cause your attempt to fail. 

Some of the most common ports are listed below: 

FTP (21) – File Transfer Protocol used to transfer files over the Internet 

SMTP (25) – Simple Mail Transfer Protocol ensures secure communication of email messages 

WHOIS (43) – Obtains the registration of ownership of domain names and IP addresses 

DNS (53) – Domain Name System links domain names to their respective IP addresses 

HTTP (80) – Hypertext Transfer Protocol – communication to and from a web server 

POP3 (110) – Post Office Protocol used by email clients to retrieve data from remote email servers 

IMAP (143) – Internet Message Access Protocol enables receipt of emails from a remote server without needing to download the email 

HTTPS (443) – Establishes a secure connection between web pages and the browser 

What are open and closed ports? 

An open port is a TCP or UDP port configured to accept packets. This basically means it can be communicated with. A closed port will reject connections and ignore all packets. 

In order for a communication channel to be established, a port both needs to be open and have an application ‘listening’ on it. Listening services will accept the incoming packets and process them. 

Ports can be closed through the use of a firewall. The firewall will filter incoming packets and only let through packets configured to be accepted. Packets directed at closed ports will be denied entry. 

Security risks with open ports 

It is commonly accepted good practice to close unused open ports. When security vulnerabilities in legitimate services are exploited, open ports can become dangerous. They can also be dangerous when malicious services are introduced to a computer, by being used in conjunction with these programs to access sensitive data. 

Open ports are not always dangerous themselves, but more when they have poor security and are unpatched. The ports listed above must remain open for basic internet functionality to occur. 

For businesses subject to a cyberattack, open ports can be used by threat actors to perform a denial-of-service attack that floods the network with a barrage of packets that causes the system to crash. This will cause services to be inoperable and can leave an organisation vulnerable. 

Port scanning services are available online, many of them free, which allow you to not only see which ports are open, but whether a service is listening on that port. Cybercriminals can use these services to target organisations and attempt to exploit potential vulnerabilities. 

How can you stay protected? 

It is considered best practice to close open ports in your network in order to reduce your attack surface. 

System administrators can scan for open ports and close them. Moreover, by scanning for ports they can see which are active, and, if there are active ports which cannot be accounted for, this can signal potential malicious activity taking place on your network. 

As already stated, there are some ports which are necessary for devices and your network to function correctly and so must stay open. Full lists of what these ports are will be available online.  

Once they know which ports must remain open, administrators can then decide which ports should be made closed. As a rule of thumb, if a port is open and not associated with any known service, it should be closed. 

Securiwiser can help 

On smaller networks, monitoring and managing ports can be not too strenuous. However, for larger networks, this task becomes considerably harder to maintain. 

Fortunately, there are continuous monitoring technology services available. Securiwiser can continuously monitor your domain and inform you of any issues regarding ports. If you have open ports, Securiwiser will let you know this so you can act and secure your network. As well as this, other cybersecurity factors are monitored including DNS health, application security, exposure and brand & IP reputation. 

Securiwiser provides a free trial that lets you experience their service before making any monetary commitment. Try it for free today.