As you start the new year, it’s a good time to think about what you can do to keep your network and organization from being low-hanging fruit for attackers. Taking these steps won’t make you immune to attacks, but it might encourage attackers to go after someone else.
1. How you get in, they get in: Protect remote access and management access
The MITRE ATT&CK framework lists the methods and ports typically used for management access to servers and workstations. Attackers know these access methods as well and target the ways you enter your network. For example, if you use any of the following ports and expose them to the internet, add closing them, blocking them or enabling two-factor authentication (2FA) on them to your to-do list for 2020.
- SSH (22/TCP)
- Telnet (23/TCP)
- FTP (21/TCP)
- NetBIOS / SMB / Samba (139/TCP & 445/TCP)
- LDAP (389/TCP)
- Kerberos (88/TCP)
- RDP / Terminal Services (3389/TCP)
- HTTP/HTTPS Management Services (80/TCP & 443/TCP)
- MSSQL (1433/TCP)
- Oracle (1521/TCP)
- MySQL (3306/TCP)
- VNC (5900/TCP)
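
To build that to-do list for one of your own Linux hosts, the sketch below (an added example, not part of the original article) reads `ss -tlnH` output and reports listeners on the ports listed above that are bound to anything other than loopback. The sample output is constructed, the function names are hypothetical, and a non-loopback listener is only a candidate for review: whether it is reachable from the internet still depends on your firewall and network edge.

```python
import ipaddress

# Management ports from the list above (all TCP).
MGMT_PORTS = {
    21: "FTP", 22: "SSH", 23: "Telnet", 80: "HTTP mgmt", 88: "Kerberos",
    139: "NetBIOS/SMB", 389: "LDAP", 443: "HTTPS mgmt", 445: "SMB",
    1433: "MSSQL", 1521: "Oracle", 3306: "MySQL", 3389: "RDP", 5900: "VNC",
}

# Constructed sample of `ss -tlnH` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 128        0.0.0.0:22     0.0.0.0:*
LISTEN 0 128           [::]:22        [::]:*
LISTEN 0 80       127.0.0.1:3306   0.0.0.0:*
LISTEN 0 5                *:5900         *:*
LISTEN 0 128   192.168.1.10:3389   0.0.0.0:*
LISTEN 0 128          [::1]:1433      [::]:*
LISTEN 0 4096 127.0.0.53%lo:53     0.0.0.0:*
LISTEN 0 128        0.0.0.0:8080   0.0.0.0:*
"""

def split_local(field):
    """Split the Local Address:Port column into (address, port)."""
    addr, _, port = field.rpartition(":")
    addr = addr.split("%")[0].strip("[]")  # drop %iface scope and IPv6 brackets
    return addr, int(port)

def is_loopback(addr):
    """'*' means every interface, so it is never loopback-only."""
    return addr != "*" and ipaddress.ip_address(addr).is_loopback

def exposed_mgmt_listeners(ss_output):
    """Return sorted (port, service, bind address) for non-loopback listeners."""
    findings = set()
    for line in ss_output.splitlines():
        cols = line.split()  # assumes TCP-only output: State Recv-Q Send-Q Local Peer
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        addr, port = split_local(cols[3])
        if port in MGMT_PORTS and not is_loopback(addr):
            findings.add((port, MGMT_PORTS[port], addr))
    return sorted(findings)

if __name__ == "__main__":
    for port, service, addr in exposed_mgmt_listeners(SAMPLE_SS):
        print(f"{service} ({port}/TCP) listening on {addr}: close, block or add 2FA")
```

On a live host, pass the text of `ss -tlnH` to `exposed_mgmt_listeners` in place of the sample.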