Continuing the year's good progress, we have carried out a second one-off monitoring campaign on the perimeter of our clients, this time focused on connection protocols.

This process is harmless to the client since it is carried out remotely and non-intrusively, using proprietary and/or third-party technology.

This time, we wanted to carry out a campaign combining known vulnerabilities, such as insecure access, with our LEET benchmark. To do this, we focused on the TCP ports that support the different protocols considered insecure:

FTP - port 21

Telnet - port 23

SMTPv1 and v2 - port 25

HTTP - port 80

POP3 - port 110

IMAP - port 143

The objective of this campaign is for all services, protocols and ports to be secure and, where an insecure one is in use, for there to be a record of the business justification. In addition, further security features will need to be implemented, since justification alone does not mitigate the vulnerability.

 


Around 25,000 IPs were monitored, of which 2,293 were found to have at least one open port considered insecure. Having these ports open without the appropriate business justification could directly affect the LEET Security rating, since it means failing to comply with one of the controls of "Domain 9: Network Controls", applicable from the C rating.

This monitoring system, which combines specific campaigns and periodic digital monitoring, extends the usefulness of the rating for discovering one's own strengths and weaknesses, which is the first step toward effective protection.
For this reason, the LEET Security rating is the most exhaustive, rigorous and reliable method to determine the level of cybersecurity of a service in any type of organization.

All you need is LEET

July 4, 2022