Listen to this Post
Introduction:
In cybersecurity, understanding network ports is fundamental to securing applications and services. Ports act as communication endpoints, and knowing which ports are associated with specific protocols—like HTTPS—helps professionals configure firewalls, detect anomalies, and prevent attacks. This article explores key ports, their uses, and practical commands to secure them.
Learning Objectives:
- Identify common ports used in web traffic (HTTP, HTTPS, SSH).
- Learn commands to monitor and secure ports on Linux/Windows.
- Understand how misconfigured ports can lead to vulnerabilities.
1. HTTPS and Port 443
Command (Linux):
sudo netstat -tuln | grep 443
What It Does:
This command checks if port 443 (HTTPS) is listening for incoming connections.
Step-by-Step Guide:
1. Open a terminal.
- Run the command to verify HTTPS traffic is active.
- If no output appears, the port may be closed or unused.
Security Tip:
Ensure only trusted services use port 443. Unauthorized listeners could indicate a breach.
2. HTTP and Port 80
Command (Windows):
Get-NetTCPConnection -LocalPort 80
What It Does:
Lists active connections on port 80 (HTTP) in Windows.
Step-by-Step Guide:
1. Open PowerShell as Administrator.
2. Execute the command to inspect HTTP traffic.
3. Investigate unknown processes bound to port 80.
Security Tip:
Redirect HTTP (port 80) to HTTPS (port 443) to enforce encryption.
3. SSH and Port 22
Command (Linux):
sudo ufw allow 22/tcp
What It Does:
Configures Uncomplicated Firewall (UFW) to allow SSH traffic on port 22.
Step-by-Step Guide:
1. Enable UFW: `sudo ufw enable`.
2. Run the command to permit SSH access.
- Restrict access to specific IPs for better security.
Security Tip:
Replace port 22 with a non-default port to deter brute-force attacks.
4. Detecting Unauthorized Ports
Command (Linux):
nmap -sT -p- <target_IP>
What It Does:
Scans all ports (1-65535) on a target system to identify open services.
Step-by-Step Guide:
1. Install Nmap: `sudo apt install nmap`.
- Run the scan to detect unexpected open ports.
3. Investigate unknown services.
Security Tip:
Regular port scans help detect rogue services or misconfigurations.
5. Securing Ports with Firewalls
Command (Windows):
New-NetFirewallRule -DisplayName "Block Port 21" -Direction Inbound -LocalPort 21 -Protocol TCP -Action Block
What It Does:
Blocks inbound FTP traffic (port 21) via Windows Firewall.
Step-by-Step Guide:
1. Open PowerShell as Admin.
2. Execute the command to block port 21.
3. Verify with `Get-NetFirewallRule`.
Security Tip:
Disable unused ports to reduce attack surfaces.
What Undercode Say:
- Key Takeaway 1: Ports 443 (HTTPS), 80 (HTTP), and 22 (SSH) are critical but must be hardened.
- Key Takeaway 2: Regular port audits prevent unauthorized access and data leaks.
Analysis:
Misconfigured ports are a leading cause of breaches. For example, exposing port 22 to the internet without restrictions invites SSH brute-force attacks. Similarly, unencrypted HTTP (port 80) risks data interception. Automation tools like Nmap and firewalls are essential for maintaining visibility and control. As cloud adoption grows, securing API ports (e.g., 8080 for REST) will become even more critical.
Prediction:
With IPv6 and IoT expansion, port-based attacks will evolve. Zero-trust architectures and AI-driven anomaly detection will be key to mitigating risks.
IT/Security Reporter URL:
Reported By: Dharamveer Prasad – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅
