Limitation and Control of Network Ports, Protocols & Services
CIS Control 9
Manage (track, control, correct) the ongoing operational use of ports, protocols, and services on networked devices in order to minimize windows of vulnerability available to attackers.
Why is this Critical?
Today’s attackers are constantly looking for exploitable network services to penetrate their target environment. Many software packages automatically install services and turn them on as part of the installation without informing the user or administrator that these services have been enabled. Attackers scan for these services and attempt to exploit them, often using default user IDs and passwords or widely available exploitation code. The proper configuration and control of network ports, such as mail and web servers, file and print services, and DNS servers will decrease the number of vulnerabilities that attackers can exploit.