CIS Control 9: Limitation and Control of Network Ports, Protocols, and Services


By Bill Minahan   |   March 29, 2021


What is CIS Control 9?

The CIS Controls are a set of actions that protect your organization from the most pervasive cyber attacks. There are 20 critical controls in total, and they prioritize the most essential actions your organization can take to get the highest payoff.

CIS Control 9 focuses on managing (tracking, controlling, and correcting) the ongoing operational use of ports, protocols, and services on networked devices in order to minimize the windows of vulnerability available to attackers.

Why is this CIS Control Critical?

The CIS Controls offer actionable guidance based on today’s biggest threats, formed by the consensus of the world’s leading experts across a variety of sectors.

CIS Control 9 is critical because attackers often search for remotely accessible network services that are vulnerable to exploitation.

Common examples include poorly configured web servers, mail servers, file and print services, and DNS servers. These are often installed by default on many different device types, frequently without a business need for the given service.

Furthermore, many software packages automatically install services and turn them on as part of the installation of the main software package. Often this can occur without informing a user or administrator that the services have been enabled.

Attackers scan for such services and attempt to exploit them, usually by trying default user IDs and passwords or by using widely available exploitation code.

As a result, it is critical to limit and control network ports, protocols, and services.

How to Implement CIS Control 9

| Sub-Control | Asset Type | Security Function | Control Title | Control Descriptions |
|---|---|---|---|---|
| 9.1 | Devices | Identify | Associate Active Ports, Services, and Protocols to Asset Inventory | Associate active ports, services, and protocols to the hardware assets in the asset inventory. |
| 9.2 | Devices | Protect | Ensure Only Approved Ports, Protocols, and Services Are Running | Ensure that only network ports, protocols, and services listening on a system with validated business needs are running on each system. |
| 9.3 | Devices | Detect | Perform Regular Automated Port Scans | Perform automated port scans on a regular basis against all systems and alert if unauthorized ports are detected on a system. |
| 9.4 | Devices | Protect | Apply Host-Based Firewalls or Port-Filtering | Apply host-based firewalls or port-filtering tools on end systems, with a default-deny rule that drops all traffic except those services and ports that are explicitly allowed. |
| 9.5 | Devices | Protect | Implement Application Firewalls | Place application firewalls in front of any critical servers to verify and validate the traffic going to the server. Any unauthorized traffic should be blocked and logged. |
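
Sub-controls 9.1 to 9.3 come down to comparing what is actually listening on each asset against an approved baseline tied to the asset inventory. The Python below is an added example, not part of the original post; the asset name, the baseline and the sample `ss -tulnH` output are constructed for illustration.

```python
"""Compare listening sockets from `ss -tulnH` with an approved baseline (CIS 9.1-9.3)."""
import ipaddress

# Constructed baseline: asset -> {(protocol, port): business justification}.
APPROVED = {
    "web01.example.internal": {
        ("tcp", 22): "SSH administration",
        ("tcp", 443): "Public HTTPS site",
    },
}

# Constructed sample of `ss -tulnH` output for web01 (not captured from a real host).
SAMPLE_SS = """\
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      511             [::]:443           [::]:*
tcp   LISTEN 0      80         127.0.0.1:3306       0.0.0.0:*
udp   UNCONN 0      0                  *:161              *:*
tcp   LISTEN 0      5            0.0.0.0:23         0.0.0.0:*
"""

def parse_listeners(ss_output):
    """Return a set of (protocol, port, loopback_only) tuples."""
    listeners = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # skip blank or truncated lines
        addr, _, port = fields[4].rpartition(":")
        addr = addr.split("%")[0].strip("[]")  # drop %iface scope and IPv6 brackets
        loopback = addr != "*" and ipaddress.ip_address(addr).is_loopback
        listeners.add((fields[0], int(port), loopback))
    return listeners

def audit(asset, ss_output, approved=APPROVED):
    """Report unapproved listeners and approved services that are not running."""
    allowed = approved.get(asset, {})
    seen = parse_listeners(ss_output)
    unauthorized = sorted(
        (proto, port, "loopback" if lo else "network")
        for proto, port, lo in seen if (proto, port) not in allowed
    )
    running = {(proto, port) for proto, port, _ in seen}
    missing = sorted(key for key in allowed if key not in running)
    return {"unauthorized": unauthorized, "not_running": missing}

if __name__ == "__main__":
    for proto, port, scope in audit("web01.example.internal", SAMPLE_SS)["unauthorized"]:
        print(f"ALERT web01.example.internal {proto}/{port} listening ({scope}), not approved")
```

Listeners bound only to loopback are still reported, but labelled separately, since they are not remotely accessible and usually rank lower than network-facing ones when triaging alerts.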

 

 

Implementing CIS Controls

If your team is struggling to implement CIS Control 9 and could use the assistance of a third-party security provider, aNetworks is here to help. Our team of experts can assist with whatever level of service you require from consulting to complete implementation.
