NopSec.com uses cookies to make interactions with the Company’s Websites easy and meaningful. When you visit one of the Company’s Websites, NopSec.com’s servers send a cookie to your computer. Standing alone, cookies do not personally identify you; they merely recognize your Web browser. Unless you choose to identify yourself to NopSec.com, either by responding to a promotional offer, opening an account, or filling out a Web form (such as a “Contact Us” or a “Free Trial” Web form), you remain anonymous to the Company. Please go to our privacy statement for details.

Acknowledge
More Menu Less Menu
Schedule a Demo
Security Team Intelligence

SANS Critical Control 11: Limitation and Control of Network Ports, Protocols, and Services

Exposure level and Risk level are directly proportional to each other!

Ports, protocols and services are entry points and mechanisms into a target network or system. Default installations, misconfigurations, unauthorized services, etc result in increased exposure. The attackers are always on the lookout for such avenues that are vulnerable and these can be leveraged to gain access to the target network or system.

SANS Critical Control 11 talks about tracking, controlling and limiting the use of network ports, protocols and services with the intention of reducing the attack surface.

SANS lists the following key points for limitation and control of network ports, protocols and services:

  1. Active scanner analyzes production systems for unauthorized ports, protocols, and services
  2. System baselines regularly updated based on necessary/required services
  3. Active scanner validates which ports, protocols, and services are blocked or allowed by the application firewall
  4. Active scanner validates which ports, protocols, and services are accessible on business systems protected with host-based firewalls.

Unified VRM includes internal network and external network modules which are responsible for detecting, aggregating and reporting risks in a prioritized fashion for internal and external networks respectively. These modules include an active scanner that interact with the target system in order to identify open ports, supported protocols and services running.

Unified VRM allows customers to scan production systems as and when required thereby allowing the user to keep track of authorized ports, protocols and service after each scan. Unauthorized ports, protocols or services identified can be disabled or uninstalled and tested by performing another scan using Unified VRM’s built-in scanner.

The active scanner in the Unified VRM can be leveraged to test the application firewall’s implementation. The scanner can be used to verify if the application firewall is able to block all traffic except those directed towards authorized ports and services, and generate an alert.

Host based firewalls are implemented in addition to application firewall to maintain a defense-in-depth strategy. The Unified VRM’s active scanner can be directed towards business systems to identify unauthorized ports, protocols and services in the presence of a host-based firewall.

Categories
Category
Tags
Verizon 2020 DBIR Report, Vulnerability management
Read Next

Schedule a Product Demo Today!

See how NopSec's security insights and cyber threat exposure management platform can organize your security chaos.