Insecure network services, such as exposed ports and insecure protocols, can open a whole network infrastructure to security risks and compromise, including malware attacks, denial of service attacks (DoS), man-in-the-middle attacks (MITM), and more.
Here’s what insecure network services are, what vulnerabilities they create, and what measures you can take.
What are insecure network services?
Devices and services that are exposed to the internet and that use insecure or unnecessary network services risk exposing the data that they transmit and the web server they run on. In the case of connected devices that are part of the internet of things (IoT), insecure network services can also open such devices up to remote control and to being used as part of a botnet.
Two main vulnerabilities associated with insecure network services are unnecessarily open ports and insecure network protocols.
Open ports are a door for malicious agents to gain unauthorized access to devices or services with code vulnerabilities. Such services include insecure protocols which may expose authentication details or session data due to weak encryption or a lack of encryption, or other vulnerabilities. Some of the dangers that devices, services, and systems are exposed to due to insecure network services include:
- Various forms of malware, spyware, ransomware, and trojans
- Denial of service (DoS) attacks and distributed denial of service (DDoS) attacks
- Man-in-the-middle (MITM) attacks
- Evil Twin attacks
- Wireless sniffing, wardriving, and piggybacking
See the sections below to better understand how open ports and insecure protocols can lead to vulnerabilities.
What is an open port, and how can it lead to vulnerabilities?
The purpose of ports is to enable communication between devices. Applications connected to the internet listen on ports for connection attempts from the outside. In other words, ports are communication endpoints where connections begin and end. Different ports have different purposes, correspond to different services, and have a specific number assigned to them.
An open port is one that receives communication specific to its assigned purpose. If a port is in use at a given moment, it cannot be used for a different purpose and will reject connection attempts.
Open ports in themselves do not create vulnerabilities. However, they create the possibility of exploiting vulnerabilities present in the listening applications and services. This makes unnecessarily open ports a source of potential danger.
For example, TCP ports 139 and 445 are used by the Server Message Block (SMB) protocol, which provides file and printer sharing and remote administration. By default, this protocol is open on Windows machines. However, older versions of the protocol had vulnerabilities that enabled the famous and harmful WannaCry attack, a remote code execution attack.
The above is only one example of how open ports can be exploited if a vulnerability is present in the listening service.
What are insecure protocols, and why are they dangerous?
As stated above, the true danger lies in insecure protocols, such as the vulnerable versions of the SMB protocol that led to the WannaCry attack or the NotPetya attack. Both of these used the EternalBlue exploit associated with this protocol.
SMBv1 is one protocol with known vulnerabilities. However, there are many more, and their weaknesses are likewise insecure network service vulnerabilities that can lead to exploits, leaks, and more.
Common insecure protocols include:
- Server Message Block (SMB) version 1
- Simple Network Management Protocol (SNMP) versions 1 and 2c
- File Transfer Protocol (FTP)
- Link-Local Multicast Name Resolution (LLMNR)
- NetBIOS Name Service (NBT-NS)
- New Technology LAN Manager (NTLM) version 1
Due to the vulnerabilities present in these protocols or in certain versions of them, leaving ports open becomes dangerous. Here’s what you can do to limit the exposure of insecure network services and prevent attacks.
How to mitigate insecure network services
Since insecure network services result from open ports and vulnerable protocols, measures that you can take to prevent exploits apply to ports and protocols. Here are some suggestions about how to prevent exploits of your vulnerable devices and services:
- Do not overexpose ports – open only necessary ones and permanently close those that are not needed
- Scan ports regularly to identify risks and take additional measures
- Disable outdated protocols or update to more secure versions, if possible
- Replace equipment running insecure protocols or, if not possible, deploy mediating devices to convert protocols into safer versions
- Implement network segmentation to limit an attacker’s access to the whole network
- Hide the network’s service set identifier (SSID)
- Encrypt network data
- Block any unusual traffic
- Identify and mitigate DoS vulnerabilities as well as memory corruption vulnerabilities
- Access ports via a secure VPN
- Restrict network access to authorized users via MAC address filtering
- Disable remote device access or introduce stringent authentication procedures
- Fortify your firewall protection – use both host-based and router-based
- Regularly patch and update access point software
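An added example (not part of the original article) of the "open only necessary ports" and "scan ports regularly" steps above: a Python audit that parses `ss -tuln` output from a host you administer, skips loopback-only listeners, and flags ports tied to the protocols listed earlier plus anything missing from an allowlist. The sample output, the allowlist and the function names are assumptions constructed for illustration.

```python
import ipaddress

# Ports tied to the protocols this article lists as commonly insecure.
# A port number cannot reveal the protocol version (SMBv1 vs v3, SNMPv2c vs v3),
# so a hit means "check the version or disable the service", not "confirmed vulnerable".
RISKY = {
    ("tcp", 21): "FTP",
    ("udp", 137): "NetBIOS Name Service (NBT-NS)",
    ("tcp", 139): "SMB over NetBIOS",
    ("tcp", 445): "SMB",
    ("udp", 161): "SNMP",
    ("udp", 5355): "LLMNR",
}

# Constructed sample of `ss -tuln` output (not captured from a real host).
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:5355       0.0.0.0:*
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      50     0.0.0.0:445        0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:631      0.0.0.0:*
tcp   LISTEN 0      32     [::]:21            [::]:*
tcp   LISTEN 0      511    *:8080             *:*
"""

def parse_listeners(ss_output):
    """Yield (proto, address, port) for each socket line after the header."""
    for line in ss_output.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 5:
            continue
        host, _, port = fields[4].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
        if port.isdigit():
            yield fields[0], host, int(port)

def audit(ss_output, allowed):
    """Return (proto, port, reason) for every non-loopback listener worth review."""
    findings = []
    for proto, host, port in parse_listeners(ss_output):
        if host != "*" and ipaddress.ip_address(host).is_loopback:
            continue  # reachable only from the host itself
        key = (proto, port)
        if key in RISKY:
            findings.append((proto, port, "insecure-protocol port: " + RISKY[key]))
        elif key not in allowed:
            findings.append((proto, port, "not on allowlist"))
    return findings
```

Calling `audit(SAMPLE_SS, {("tcp", 22)})` reports the LLMNR, SMB and FTP listeners and the unlisted port 8080, while the loopback-bound sockets and the allowed SSH port are left out.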
What makes network services insecure?
Outdated and insecure protocols, as well as unnecessary open ports, can lead to network service vulnerabilities being exploited. Other factors include a lack of security support, weak password systems, a lack of authentication or poor authentication processes, poor firewall configuration, unpatched and outdated software, device vulnerabilities, and more.
What kinds of attacks can be launched against insecure network services?
Denial of service (DoS) and distributed denial of service attacks (DDoS), man-in-the-middle attacks, malware, spyware, and ransomware, as well as a host of other attacks, can be used against an insecure network.