The Open Ports risk vector observes ports that are exposed to the Internet, known as “open ports.” While certain ports must be open to support normal business functions and few companies will actually have no ports open, the fewer ports that are exposed to the Internet, the fewer openings there are for attack.
Risks
A potential attacker can externally scan for open ports to determine which software or services to target. Open ports with outdated protocols or with protocol vulnerabilities provide potential entry points for attackers to access a company’s network.
Bitsight Blog, “Two Years Later, Still at Least Twice as Likely”: One of our research studies found that organizations with an F Open Port letter grade are >2× more likely to experience a breach than companies with an A.
Grading
See how the Open Ports risk vector is graded.
Lifetime
Every finding has a lifetime that indicates how long it impacts the risk vector grade.
Duration: 60 Days
Insufficient Data
A default risk vector grade is assigned if there is no data or the data is insufficient.
Companies are not required to run open port services. The rating is positively impacted if there are no findings for this risk vector.
Weight
Risk categories are weighted. This risk vector contributes to the 70.5% weight of the Diligence risk category.
Weight: 10%
Remediation
Resources
- Findings
- Finding messages (detected services, typical services, potentially vulnerable).
- IANA Service Name and Transport Protocol Port Number Registry – List of network ports.
- Network Packet – Embedded in every packet of network communication is the port number for that communication, which can be used to identify the port.
Recommendations
As one of the most heavily weighted risk vectors in the Diligence risk category, this should be one of the focuses of remediation and process improvement efforts.
- Block unwanted attempts to communicate over certain ports or ranges of ports not used by the company and close unnecessarily open ports.
- Audit the services running on a particular machine and ensure only vital services are running.
- Set up access to required services over a Virtual Private Network (VPN).
- Block specific or ranges of ports not used by the company in the company edge network infrastructure.
- Deactivate any instances of Remote Desktop Protocol (a known attack vector for ransomware) exposed outside of the firewall.
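As an added example that is not part of Bitsight's documentation, the following POSIX shell function performs the service audit recommended above on a Linux host: it reads `ss -tulnH` output, ignores sockets bound only to loopback, and prints every listening port that is not on an allowlist of services the host is expected to expose. The allowlist, the sample `ss` lines and the RDP hint are constructed assumptions; adjust them per host.

```shell
#!/bin/sh
# Services this host is expected to expose to the Internet (constructed allowlist).
ALLOWED="tcp/22 tcp/443"

# audit_listeners: read `ss -tulnH`-style lines from stdin and print one line per
# listening socket that is reachable from outside the host and not on the allowlist.
# Columns from ss: Netid State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
audit_listeners() {
  awk -v allowed="$ALLOWED" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    {
      proto = $1; local = $5
      # local looks like 0.0.0.0:3389, [::]:53, 127.0.0.1:631 or *:443
      port = local; sub(/.*:/, "", port)
      addr = local; sub(/:[^:]*$/, "", addr)
      if (addr == "127.0.0.1" || addr == "[::1]") next   # loopback only: not exposed
      key = proto "/" port
      if (key in ok) next
      note = (port == "3389") ? " (RDP: deactivate if reachable from outside the firewall)" : ""
      print key " on " local note
    }'
}

# Constructed sample of `ss -tulnH` output used for the offline demonstration.
SAMPLE='udp   UNCONN 0 0    0.0.0.0:53     0.0.0.0:*
tcp   LISTEN 0 128  0.0.0.0:22     0.0.0.0:*
tcp   LISTEN 0 128  [::]:22        [::]:*
tcp   LISTEN 0 128  127.0.0.1:631  0.0.0.0:*
tcp   LISTEN 0 128  [::1]:6379     [::]:*
tcp   LISTEN 0 128  0.0.0.0:3389   0.0.0.0:*
tcp   LISTEN 0 511  *:443          *:*'

# Offline run over the sample; on a live host use:  ss -tulnH | audit_listeners
printf '%s\n' "$SAMPLE" | audit_listeners
```

Each reported line is a candidate to close on the host, block at the edge, or move behind the VPN before the next rescan.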
Finding Behavior
Rescan
The Bitsight platform regularly checks for new observations. Findings are rescanned as these observations change, e.g., when new Diligence findings are observed or an existing finding is remediated.
Automated Scan Duration: 30-60 Days
User-Requested Rescan Duration: 2-3 Days
Remediated Findings
How findings behave once they are remediated. See the guide for what to do after remediation.
- New findings immediately impact the grade.
- Updated findings impact the grade when a closed port is detected.
- Closed TCP ports are immediately detected and marked as closed within 3 days.
- Closed UDP ports are undetectable. These ports are marked as closed 60 days after the finding’s last seen date.
- If an Open Port finding is verified to be opened and closed on the same day, it continues to impact the grade into the following day.
- If the IP address referenced in an Open Port finding has an end date, the finding can no longer be rescanned and will impact the grade until it completes its lifetime.
- January 30, 2025: Adjusted the estimated time it takes to mark when TCP ports are closed to be more accurate.
- March 25, 2024: “No findings/low findings” changed to “insufficient data.”
- November 10, 2023: Linked to finding messages.