Port Security and Why It Is Important (I/II)

by | Jul 5, 2022 | Cyber Risk

In this first blog about port security, we will go over the basics of what ports are and why it’s important to secure them. If you’re already well-versed in the concept of ports, jump to our second blog, “Best practices for securing used and unused ports”. To truly understand what port security is, one must first understand what a port is. In computing, the word “port” is used in three main senses:

1. In networking, a port is a virtual point where network connections begin and end. Ports are software-based and controlled by the operating system of a computer. Each port is associated with a distinct process or service.

2. A port in computer hardware is a jack or socket into which peripheral hardware can be plugged.

3. In computer software, a port is a piece of software that has been translated or converted to run on different hardware or a different operating system than it was initially designed for.

What is Port Security?
Ports are another important asset that can be used to breach security. Ports are classified into two types: physical ports (physical docking points where users can connect other devices to their computers) and logical ports (well-programmed docking points through which data flows over the internet). A logical port holds the key to security and its consequences.

Each logical connection is given a unique number. It ranges from 0 to 65536 for UDP ports and from 0 to 65535 for TCP ports. These are the logical connection endpoints that determine whether to use TCP/IP or UDP (both are communication protocols). The numbering of logical ports also aids in determining which port should receive traffic. TCP port 80 (or 443, which is another TCP port, used for HTTPS) is used whenever data communication is handled by TCP/IP in a client-server architecture. The Internet Assigned Numbers Authority (IANA) lists and assigns official port numbers, which are divided into three sub-categories:

  • Well-Known Ports (0-1023)
  • Registered Ports (1024 – 49,151)
  • Dynamic/Private Ports (49,152 – 65,535)

Security of Logical Ports
Every logical port is vulnerable to a system threat, but some commonly used ports receive a huge amount of attention from malicious hackers. Cybercriminals use vulnerability scanners and port scanning techniques to identify open ports on any system or server. Then, using these open ports, they can determine what services (HTTP, SMTP, FTP, DNS, SSH, Telnet, or VNC) are running and what system the target victim is using.

Here is a variety of possible logical ports that cybercriminals may target:

  • 15 Netstat
  • 20/21 FTP
  • 23 Telnet
  • 25 SMTP
  • 50/51 IPSec
  • 53 DNS
  • 67/68 BOOTP
  • 69 TFTP
  • 79/49 TACACS+
  • 80 HTTP
  • 88 Kerberos
  • 110 POP3
  • 111 Port Map
  • 119 NNTP
  • 123 NTP
  • 137-139 NetBIOS
  • 143 IMAP
  • 161 SNMP
  • 389 LDAP
  • 445 SMB
  • 500 IPSec/ISAKMP
  • 520 RIP
  • 546/547 DHCP
  • 636 SLDAP
  • 1512 WINS
  • 1701 L2TP
  • 1720 H.323
  • 1723 PPTP
  • 1812/13 RADIUS
  • 3389 RDP
  • 5004/5005 RTP
  • 5060/5061 SIP
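
Defenders can check their own hosts against this list. The following added example (not part of the original post) parses `ss -tuln` output, classifies each listening port by the IANA ranges above, and flags listed services bound to a non-loopback address. The `WATCHED` subset, the function names and the sample output are constructed for illustration.

```python
import ipaddress

# Subset of the services listed above (port -> name); extend to match policy.
WATCHED = {23: "Telnet", 53: "DNS", 161: "SNMP", 445: "SMB", 3389: "RDP"}

# Constructed sample of `ss -tuln` output, not captured from a real host.
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
udp   UNCONN 0      0      127.0.0.53%lo:53    0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:161         0.0.0.0:*
tcp   LISTEN 0      50     *:445               *:*
tcp   LISTEN 0      5      [::]:3389           [::]:*
tcp   LISTEN 0      128    0.0.0.0:51234       0.0.0.0:*
"""

def iana_range(port):
    """Classify a port number using the three IANA ranges quoted above."""
    if not 0 <= port <= 65535:
        raise ValueError(f"not a valid port: {port}")
    if port <= 1023:
        return "well-known"
    return "registered" if port <= 49151 else "dynamic/private"

def is_loopback(addr):
    """True when the bind address is reachable only from the host itself."""
    addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface scope
    return addr not in ("*", "") and ipaddress.ip_address(addr).is_loopback

def audit(ss_output, watched=WATCHED):
    """Return (proto, port, iana_range, service, exposed) per listening socket."""
    findings = []
    for line in ss_output.splitlines()[1:]:             # skip the header row
        fields = line.split()
        if len(fields) < 5:
            continue
        addr, _, port_text = fields[4].rpartition(":")  # keeps IPv6 colons intact
        if not port_text.isdigit():
            continue
        port = int(port_text)
        findings.append((fields[0], port, iana_range(port),
                         watched.get(port), not is_loopback(addr)))
    return findings

def exposed_watched(findings):
    """Watched services bound to a non-loopback address, as (proto, port, name)."""
    return sorted((f[0], f[1], f[3]) for f in findings if f[3] and f[4])

if __name__ == "__main__":
    print(exposed_watched(audit(SAMPLE_SS)))
```

In the sample, the DNS stub on 127.0.0.53 is not flagged because it is bound to loopback, while SNMP, SMB and RDP are flagged because they listen on wildcard addresses.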

Port security helps secure the network by blocking foreign devices from forwarding packets. With port security, users can restrict the number of MAC addresses that can be learned on a port, configure static MAC addresses, and impose penalties on unauthorized users that use the port.

Why is port security important?
Once an attacker can get onto the network they want to attack, their task is comparatively easy. Ethernet LANs are extremely vulnerable to attack because switch ports are open to use by default, allowing for various attacks such as DoS attacks at layer 2 and address spoofing.
