Critical Control 13: Limitation and Control of Network Ports, Protocols, and Services

Attackers search for remotely accessible network services that are vulnerable to exploitation.  Common examples include poorly configured web servers, mail servers, file and print services, and DNS servers installed by default on a variety of different device types, often without a business need for the given service. Many software packages automatically install services and turn them on as part of the installation of the main software package without informing a user or administrator that the services have been enabled.  Attackers scan for such issues and attempt to exploit these services, often attempting default user IDs and passwords or widely available exploitation code.
When climbing the face of a cliff, rock wall climbers look for every nook and cranny to place their fingers or piton into in order to secure a foot hold and ensure a solid avenue is established.  When attacking a network or computer system, hackers look for any port or offering that they can grab hold of and push in their foot hold.  We must seal the avenues we don’t want them to gain access to, and secure or monitor those that we must have open.
Actively scanning a network is one way to become well-known and a quick way to be caught.  Seasoned hackers know that to attack successfully, one needs to remain below the radar and yet gain enough knowledge about a site (continue reading...)