Router Security: Closing Unnecessary Ports
This article is part of a series on the subject of router security. In this article, we will examine one type of router vulnerability and learn how to protect your system from hackers and malware that seek to exploit this type of vulnerability. Our subject today is, “unnecessary open ports,” a very common vulnerability. Read on...
Batten Down The Hatches!
I grew up watching Bugs Bunny and other "Looney Tunes" cartoons. One bit I always remember is this sequence: "Batten down the hatches!" -- "I did batten them down!" -- "Well, batten them down again! We'll teach those hatches!"
Why do I mention this? Well, as I mentioned at the start of this article, it's part of a continuing series on securing your internet router. If you missed earlier installments, see [HOWTO] Protect Your Router Now and UPnP - The (almost) Forgotten Vulnerability. The point is, you might think you've already battened down your router hatches, but you may still be exposed to attacks. So let's batten 'em down again!
“What is a port?” is a good place to start. Simplified for our purposes, a port is a numbered endpoint (0 to 65535, counted separately for TCP and UDP) on a computer or router through which a program communicates with the network, and through which the outside world can reach that program. (Don't look for physical ports on your router; the ports we're talking about here are implemented in software.) An open port is one with a program listening on it and accepting connections; a closed port has nothing listening behind it.
Every open port is a program accepting input from strangers, and any bug in that program is reachable by them, just as any open window or door on your home is reachable by a burglar. It behooves us to keep ports closed when we are not using them. Ideally, an external entity should not even get a reply that tells it the port exists; a firewall that silently drops unsolicited packets achieves that sort of “stealth” status.
Also, through an open port an external entity can often discern what software you are running on it, right down to the version number: many services announce themselves with a greeting “banner” the moment a connection is made, and an FTP server typically names its software in that banner. That knowledge can be exploited by hackers who keep catalogs of vulnerabilities in specific versions of popular programs.
Knowing what software you are running enables a hacker to choose his best weapons for an attack on your system. Closing unnecessary ports deprives attackers of such useful intelligence, and minimizes the “attack surface” of your system – that is, the number of points at which an attacker might find a vulnerability.
Open Ports: An Example
Here is an example of ports in action: suppose that on your computer you are running an FTP (File Transfer Protocol) server, a program whose functions include “listening” for requests from remote computers – called “clients” - to deliver (serve) to them specified files that are stored on your computer.
When the FTP server program is started, it opens port 21 and “listens” on it for incoming requests. FTP client programs send their commands (log in, list a directory, get a file) to port 21, and the server's replies come back on the same connection. The file contents themselves travel over a separate data connection. In the older “active” mode the server connects back to the client from its port 20; in “passive” mode, which most clients use today, the server opens a temporary high-numbered port and the client connects to it. The data connection is closed when a transfer is completed. When the FTP server program shuts down, it stops listening on port 21. At least, that is how things are supposed to work.
An FTP server that is left running when nobody needs it, or that is configured to let anonymous users upload files, gives a would-be attacker a place to drop malware or download files without permission. Many a computer owner has found such a server turned into a bootleg file exchange by strangers who located it by port scanning. Some of these victims had to answer awkward legal questions about copyrighted materials, child pornography, and so on. A seemingly trivial oversight like an unneeded open port 21 can have major consequences.
FTP is just one service running on a well-known port that hackers can exploit. Telnet, which “listens” for clients’ requests on port 23, gives whoever logs in a command-line session on that computer, and from there a foothold on every other device that computer can reach. Worse, telnet sends the username and password across the network unencrypted, and many routers and gadgets ship with default credentials that are never changed. Hackers, and the automated botnets they run, are very interested in IP addresses that have an open telnet service! Other ports, when left open, can give hackers equally threatening powers.
What is Port Scanning?
Hackers are constantly scanning the entire Internet, looking for IP addresses that have open ports and exploitable services. Port scanning takes very little time or resources; modern scanning tools can probe a single port across the whole IPv4 address space in well under an hour from one machine, so hackers can afford to knock on millions of locked doors to find a handful of open ones.
You can scan your own home network from a hacker’s perspective to see what ports are open to exploitation, if any. Then you can close these vulnerabilities, and create rules that allow ports to be opened only by your programs and only when the ports are needed for your purposes.
Security researcher Steve Gibson has provided the free ShieldsUp https://goo.gl/lbEJ port-scanning service for longer than I can remember. It probes your router from the outside, reports each port it tests as open, closed or “stealth,” and offers advice on how to fix what it finds. It is a great security checkup for every user!
How to Close Open Ports
Suppose a scan of your router reveals that port 21 is open unnecessarily. Since the scan is looking at your router, the first place to check is the router itself: if port 21 is open because a port-forwarding (or UPnP) rule sends it on to a PC, delete that rule, and if the PC is running an FTP server you don't need, stop the server; instructions for doing so will vary depending on your router. A rule in the PC’s own firewall is a worthwhile second layer of defense, and the process is very similar no matter what firewall software you use. So here is how to block a port using Windows Firewall. (Windows Firewall already blocks unsolicited incoming connections unless a program or an installer has added an “allow” rule; an explicit “block” rule wins over any such “allow” rule. I will be using Windows 10; minor adjustments to these instructions may be necessary if you are still using Windows 7 or 8.1.)
Type “firewall” in the Start menu’s search box and click on the Windows Defender Firewall app when it appears in the results. Click “Advanced Settings” in the left sidebar. On that page, highlight “Inbound rules” in the left pane. Over in the right-hand pane, click on “New rule.”
In the “new rule” window, darken the radio button next to “Port” and click Next. Now we have to specify the port and the protocol that it uses. We are going to block port 21, which is used by FTP, which employs the TCP protocol. So darken the radio button next to “TCP” and the radio button next to “specific local port,” then enter “21” in the text box, and click Next.
Darken the radio button next to “block the connection” and click Next.
On the “Where will this apply” page (the Domain, Private and Public network profiles), check the profiles in which you want port 21 to be blocked. All of them will be fine. Then click Next.
Give your new rule a name, such as “Block Port 21,” and click Finish.
The new rule takes effect as soon as you click Finish; no reboot is needed. Port 21 is now blocked to incoming requests from remote clients. Port 21 is also now in “stealth mode,” invisible to entities that are scanning ports. Here is why:
When a remote client sends a TCP connection request (a SYN packet) to a port, the computer normally answers one way or the other. If a service is listening, it accepts the connection, and the scanner records the port as open. If nothing is listening, the operating system replies with a “connection refused” (RST) packet; the port is closed, but the reply itself tells the scanner that a live computer sits at that address. When a firewall blocks the port it silently drops the request instead of answering, so the scanner gets no reply at all and cannot tell whether there is a port, a service, or even a computer at that IP address. The less strangers on the Internet know about your home network, the better. In the physical world, it would appear to a burglar as if your house had no windows or doors at all.
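The three port states just described (open, closed, and filtered or “stealth”) are exactly what a port scanner like ShieldsUp is distinguishing, and the banner grab mentioned earlier is how a scanner learns what software answers on an open port. Here is a small scanner that does both. It is an added illustration, not code from the original article or from ShieldsUp; it uses only Python’s standard library, and its demo() scans a throw-away listener on 127.0.0.1 so it runs offline. The “ExampleFTPd” banner and the port numbers it picks are constructed for the demo.

```python
"""TCP port-state checker: open / closed / filtered ("stealth"), with banner grab.

Added example (not from the original article). Standard library only.
"""
import socket
import threading

# Constructed sample banner, in the style an FTP daemon sends on connect.
DEMO_BANNER = b"220 ExampleFTPd 1.2.3 ready\r\n"


def probe(host, port, timeout=1.0):
    """Return (state, banner_bytes) for one TCP port on host.

    open     - the TCP handshake completed: a service is listening.
    closed   - the host answered with RST (connection refused): the port is
               reachable but nothing is listening behind it.
    filtered - no answer before the timeout (or the host is unreachable):
               a firewall dropped the probe, which ShieldsUp calls "stealth".
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
    except ConnectionRefusedError:
        s.close()
        return "closed", b""
    except OSError:  # timeout, host/network unreachable: no usable answer
        s.close()
        return "filtered", b""
    # Connected: grab whatever the service volunteers, if anything.
    banner = b""
    try:
        banner = s.recv(256)
    except OSError:
        pass
    finally:
        s.close()
    return "open", banner.strip()


def scan(host, ports, timeout=1.0):
    """Probe several ports; returns {port: (state, banner_as_text)}."""
    results = {}
    for port in ports:
        state, banner = probe(host, port, timeout)
        results[port] = (state, banner.decode("ascii", "replace"))
    return results


def free_port():
    """Ask the OS for an unused loopback port, then release it (demo helper)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def _fake_service(listener):
    """Accept connections and greet each with DEMO_BANNER, like a chatty FTP daemon."""
    while True:
        try:
            conn, _ = listener.accept()
        except OSError:  # listener closed by demo(): stop serving
            return
        with conn:
            conn.sendall(DEMO_BANNER)


def demo():
    """Scan one port with a listener behind it and one with nothing listening.

    Returns (open_port, closed_port, results) so a caller can check the outcome.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    listener.listen(5)
    open_port = listener.getsockname()[1]
    threading.Thread(target=_fake_service, args=(listener,), daemon=True).start()

    closed_port = free_port()
    results = scan("127.0.0.1", [open_port, closed_port], timeout=1.0)
    listener.close()
    return open_port, closed_port, results


if __name__ == "__main__":
    _, _, res = demo()
    for port, (state, banner) in sorted(res.items()):
        print(f"{port:5d}  {state:8s}  {banner}")
```

Run it against your own router from a machine outside your network (for example `scan("your.public.ip", [21, 22, 23, 80, 443, 8080])`) and you will see the same distinction ShieldsUp draws: a “closed” result proves to the scanner that something is there, while “filtered” gives it nothing. Note that a loopback scan can only show open and closed; you need a firewall in the path to observe the stealth state.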
So now you understand what ports are; why unnecessarily open ports are usually bad; how to identify open ports on your network; and how to close an open port. That’s quite a bit for one lesson!
Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 27 Jun 2018
Copyright © 2005 - Bob Rankin - All Rights Reserved