Question

If you use nmap to scan for open ports on a business's website and found that the following ports were open, what would be the security risk for each and what would be the best action to take to make it more secure?:
443/tcp https
3306/tcp mysql
3389/tcp ms-wbt-server
5432/tcp postgresql

Answer 1

Hi, here are all the Risks and safety measures listed for the corresponding ports..

1) 443/tcp https

Risks
The web interface on port 443/tcp could allow an attacker to cause a Denial-of-Service condition by sending specially crafted packets to the web server.
Your System wil automatically Reboot, impacting network availability for other devices. An attacker must have network access to port 443/tcp to exploit the vulnerability.
This vulnerability could be triggered by publicly available tools.

Safety measures
The Precaution we can take is to look that the port is not opened by default.
After serving the puropose the port is immediately closed.

2)3306/tcp mysql

Risks
Port 3306 is the default port that is used for sql databases and if a hacker find this vulnerability then he can corrupt your database, access all the database.
Basically all the database related changes can be made.
and It can leads you to financial loss also.

Safety measures
To prevent the attack the admin must ensure that on Mysql port directories are not writable.
But by default, this attack cannot be performed.
So, admin, the has done following the configuration then an attacker can check for directories that are writable.

3)3389/tcp ms-wbt-server

Risks
If this port is activated or open the the attacker can violate the RDP(Remote Desktop protocol).
Your System can be Remotely hacked and all the data will be at risk.
Mainly Brute Force attck is used for these type of violations

Safety measures
For securing this you should chnage you Account lockout policies.
Admin can protect their network from brute force attack using Account lockout policy.
Configure following policies under Security setting > Account policies > Account lockout policies.
The admin should not provide writable access to the import folders or database tables.

4)5432/tcp postgresql

Risks
If this Port is opened the hacker can access data in the database running on different computer in the network.
This vulnerability of this Port also leads to the loss of database files.A large amount of data can be stolen.

Safety measures
For Security ensure that your firewall is always enabled.
Use paid antivirus for fully secure system.
And always terminate the port after use.