visit
This article provides the network vulnerabilities and defense approaches, with a focus on all the TCP and UDP ports, Port vulnerability, and learn more about Windows, Linux server operation guide.
★ Every organizational network has security Weaknesses in its system and it will be explored by the intruders using tools and techniques.
★ After a discussion of the risks that are associated with TCP/UDP ports, we will present a defense of the network in this article everything from preventing access to the port to protecting the network after it has breached a port. To provide a stable networking environment and deter certain classes of security breaches on your cloud servers/campus network/Office network. Please. Follow the guide to implement a standard firewall system on your servers.
★ Vulnerability Protection provides advanced server security for your cloud/physical servers/PCs. It protects enterprise applications and data from breaches and business disruptions without requiring emergency patching on uncertainty.
★ These broad sets of measures will help you maintain the Linux server and helps you to simplify the overall security operations hustle-free.
★ In the computer world, we use a network port as a communication line between two endpoints. At the software level, within an operating system, a port is a logical construct point that singles out a specific process or a network service. We identify ports for each protocol and address combination by using 16-bit unsigned numbers, commonly known as the port number. The most popular protocols that we use in routine life are TCP and UDP.
★ We identify a network port number with an IP address of a host and the protocol used for the communication. This process is well-known as binding and enables the process to send and receive data via the network correctly to the origin and destination.
Internet Assigned Numbers Authority (IANA) functions:
Management of the DNS Root Zone (assignments of ccTLDs and gTLDs) along with other functions such as the .int and .arpa zones.
Coordination of the global IP and AS number spaces, such as allocations made to Regional Internet Registries.
The central repository for protocol name and number registries used in many Internet protocols.
★The IANA is responsible for the global coordination of Internet protocol resources, such as the DNS Root, IP addressing, and the registration of commonly used port numbers for well-known Internet services. It divides the port numbers into three areas:
★ Well-Known and Registered we should not use ports without IANA registration. To register for a port and services. Please, refer to this weblink for more information.
★ This are used to register user-specific port numbers and service names in the IANA council. To get to know more about the detailed instructions on how to fill out the applications of this form, please read the procedures document .
— — — — — — MASTER CHART OF TCP/UDP PORTS — — — —
★I have designed a master chart of TCP/UDP ports with several categorizations to identify the ports effectively and efficiently.
File Transfer Ports: The ports in this table are used with protocols that transfer files.
Email Ports: The ports in this table are used with email related protocols.
Remote Access Ports: The ports in this table are associated with protocols used to connect to remote computers for various purposes.
Miscellaneous Ports: The ports in this table don’t fit neatly in any of the other categories but are still relevant.
Follow the guide to implement a standard firewall system on your servers.
How to Close Unused Open Ports: TCP and UDP Ports :
Open ports allow hackers to:
✓ Close unused service: Unused services tend to be left with default configurations, which are not always secure, or maybe using default passwords.which leads to an attack.
✓ Exploit old versions: Unused services tend to be forgotten, which means that they not get updated. Old versions of software tend to be full of known vulnerabilities.
✓ Gain Access: Some services give an attacker easy access to certain information, they can perform N number of techniques on the operating system.
How to identify the processes the process which keep ports open ?
✓ Windows OS : 7/8/10
For Windows operating systems, you can use netstat command, which is included with the OS by default.
Now, that you have identified the process and service that is responding to requests on the specific port or any unsed ports, you would need to confirm that the service is not required or in usage. If you proceed to either configuring the application to stop listening, or stop the service from Windows Services, and marking the service as disabled.
The given below screenshot indicates the information for the example.
✓ Linux OS: Red Hat Linux, CentOS, Fedora, openSUSE, Mandrake Linux etc..,
netstat -tulpn
. This will list all the network connections running,listening,established connections on the machine. The last column indicates the process id of the process for the specific network connection.For Instance: if you only want to list the network connections on port 3306, use: type:
netstat -tulpn | grep :“3306”
Note: Depending upon the familiarity, you can use any of these commands (top, ps, pidof, pgrep) for this purpose.
Now, that you have identified the process and service that is responding to requests on the specific port or any unsed ports, you would need to confirm that the service is not required or in usage. If you proceed to either configuring the application to stop listening, or stop the service from Linux Services, and marking the service as disabled.
The given below screenshot indicates the information for the example.
In order to stop daemons in Debian-flavoured Linux distributions, use the following commands to stop any daemons on the server.
Ubuntu:
service mysqld stop
or
/etc/init.d/mysqld stop
Or
To kill the particular process by using the fork command. Find (and kill) all processes listening on a port. Killing by the process ID is useful when you want to kill only a specific process. On the other hand, killing by the process name is useful when you want to kill all running instances of a particular program. To get to know more about the kill singal process information.Please, refer
pkill - INT process-name
sudo kill -9 PID
✓Centos: You stop a service with the systemctl stop command.
systemctl stop httpd
You can also kill a particular process that has been running for a certain period of time on the server with the command -o and -y flags. So, if you want to kill a process that has been running for more than 30 minutes and less than 30 minutes.
more than 30 minutes: Killall -o 30m <process-name>
Eg: killall -o 30m mysql
less than 30 minutes: Killall -y 30m <process-name>
Eg: killall -y 30m mysql
Abbreviations: Time period
— — — — — — — — Firewall Operations: Centos 6/7 — — — — — — —
Firewall Operations: List services
1. List current services:
You can check the current running services by specifying the “ — list-services” option in the command.
firewall-cmd --list-services --zone = publicdhcpv6 -client https
Firewall Operations: Add services
2. Add service:
To add a service by specifying the “ — add-service” option.
firewall-cmd --add-service = https --zone = public --permanent
3.Delete Service:
firewall-cmd --add-service = https --zone = public --permanent
Firewall Operations: List Ports
1. List ports:
You can check the current running ports by specifying the “ — list-ports” option in the command.
firewall-cmd --list-ports --zone = public
Firewall Operations: ADD port Number
2. Add Port Number:
firewall-cmd --add-port = 5555 / tcp --zone = public
Firewall Operations: ADD port Numbers
3.Delete Port Number:
firewall-cmd --remove-port = 5555 / tcp --zone = public
or
firewall-cmd --zone=public --permanent --remove-port=5555/tcp
firewall-cmd --reload
— — — — — — — — - — — — — — — —
1. Firewall Operations: List services
Sudo ufw status
Firewall Operations: Add services
To add a service by specifying the “ — add-service” option.
sudo ufw allow http
Firewall Operations: ADD port Number
sudo ufw allow 80/tcp
There are two different ways to delete UFW rules, by rule number and another one by specifying the actual rule code.
Method one:
sudo ufw status numbered
To delete a particular rule number, specific the rule number that allows connections port to use 45009, that is #119. Use the following command to delete the port/service together.
sudo ufw delete 119
Method Two: To delete a rule by specifying the actual rule code.
sudo ufw delete allow 45009
If for any reason you want to stop UFW and deactivate all the rules you can use:
sudo ufw disable
sudo ufw enable
Reset Firewall: (Back to default settings)
Be aware, Resetting UFW will disable UFW, and also delete all active rules.
sudo ufw reset
Quote of the day:
“Into every life a little rain must fall” — English Proverb
Explanation:
English Proverb We all wish for only the good days, but to appreciate the good day, we also need more difficult ones. The bad times teach us lessons, help us grow, and as stated gives us an appreciation for the good times. Always remember that the rain does stop and the sun does shine again.
Thanks for reading!
Have a pleasant day!
Also published at