Open Ports Risk Vector – Bitsight Knowledge Base

November 10, 2023: Linked to finding messages.
August 16, 2023: New Grading & Finding Behavior sections.
May 11, 2020: Updated description.

The Open Ports risk vector observes ports that are exposed to the Internet, known as “open ports.” While certain ports must be open to support normal business functions and few companies will actually have no ports open, the fewer ports that are exposed to the Internet, the fewer openings there are for attack.

See data collection methods.

Risks

A potential attacker can externally scan for open ports to determine which software or services to target. Open ports with outdated protocols or with protocol vulnerabilities provide potential entry points for attackers to access a company’s network.

Bitsight Blog, “Two Years Later, Still at Least Twice as Likely”: One of our research studies found that organizations with an “F” as their Bitsight Open Port letter grade are more than twice as likely to experience a breach than companies with an “A.”

Grading

See how the Open Ports risk vector is graded.

Concept

Behavior

Lifetime

60 Days

No Findings

– “A” Letter Grade

Companies are not required to run open port services. The rating is positively impacted if there are no findings for this risk vector.

Weight

(Out of 70.5% in Diligence)

10%

Remediation

Resources

Findings
Finding Messages
IANA Service Name and Transport Protocol Port Number Registry – List of network ports.
Network Packet – Embedded in every packet of network communication is the port number for that communication, which can be used to identify the port.

Recommendations

As one of the most heavily weighted risk vectors in the Diligence risk category, this should be one of the focuses of remediation and process improvement efforts.

Block unwanted attempts to communicate over certain ports or ranges of ports not used by the company and close unnecessarily open ports.
Audit the services running on a particular machine and ensure only vital services are running.
Set up access to required services over a Virtual Private Network (VPN).
Block specific or ranges of ports not used by the company in the company edge network infrastructure.
Deactivate any instances of Remote Desktop Protocol (a known attack vector for ransomware) exposed outside of the firewall.

Finding Behavior

Concept

Behavior

Refresh

Automated: 30-60 Days

User-Requested: 4 Days

Remediated

New findings immediately impact the grade.
Updated findings impact the grade upon the detection of a closed port.
- Closed TCP ports are immediately detected and marked as closed within 10 days.
- Closed UDP ports are undetectable and marked as “closed” after the finding completes its lifetime (60 days).
If an Open Port finding is verified to be opened and closed on the same day, it continues to impact the grade into the following day.
If the referenced IP of an Open Port finding has an end date, it can no longer be refreshed and will no longer impact the grade when it completes its lifetime.

Articles in this section