Cyber advice - protect your ports from cyberattack
Ports are virtual places within an operating system where network connections start and end. They are software-based and managed by a computer’s operating system. Each port is associated with a specific process or service and will have its own reference number to ensure an internet or other network message is forwarded to the correct place when it arrives at a server.
All network-connected devices come equipped with standardised ports that have an assigned number. For example Ports 20 and 21 are used for FTP allowing the transfer of files between clients and a server.
Criminals are always scanning for ports that they can access to infect your systems. They use port scan detection methods to determine which ports on a network are open. The ports on your computer are the place where information is sent and received, so port scanning is really like knocking on a door to see if someone is home.
A good conduit for the massive dispersal of viruses, computer ports are obvious targets for cybercriminals – particularly those that favour ransomware over phishing.
Who is at risk?
Any business using ports for business operations such as HR or finance, is open to attack if the ports are visible to the open network.
If you’re a manufacturing engineering business and you’re using operational technology, your ports are more at risk because they are not segmented from the internet. This is a significant area of risk and should be something that you look to mitigate.
Your ports don’t need to be closed, but invisible because if they can be seen, they can be exploited. You can disguise ports by using a VPN (virtual private network) or help to make access more difficult by implementing MFA (multi factor authentication).
Standard ports to double check
Here are some standard ports that Beazley, one of our insurer partners, recommend you look at as potential access points for cyberattacks:
Remote access ports 3389/5900
Ports 139/445 – which they suggest you never open outside of your network
They also strongly recommend you shut off the following too:
- Developer access
To see the ports you have open (if you’re tech savvy) use the NetStat command in system 32, otherwise ask your IT department/expert to assist.
Protecting your ports
Antivirus software won’t close them automatically, so if you spot a port that you want to close you will need to do it manually. Ports are typically visible in your computer settings, under the Security tab. If you have no access, ask your IT department to shut them down. Alternatively, if they need to be open, it’s worth considering a VPN to hide your details from would-be attackers.
We recommend that you add a port review into your risk management assessments, so ensure that you are not leaving this ‘open door’ to your data and systems available for cybercriminals.
We can help you to create a risk management strategy for your business and support this with a cyber insurance policy, so if you do fall victim to an attack, you will be in the best possible position to recover from it.