If you use nmap to scan for open ports on a business's website
and find that the following ports are open, what would be the
security risk for each, and what would be the best action to take to
make it more secure?
443/tcp https
3306/tcp mysql
3389/tcp ms-wbt-server
5432/tcp postgresql
Hi, here are the risks and safety measures for the
corresponding ports.
1) 443/tcp https
Risks
The web interface on port 443/tcp could allow an attacker to cause
a denial-of-service condition by sending specially crafted packets
to the web server.
Your system will automatically reboot, impacting network
availability for other devices. An attacker must have network
access to port 443/tcp to exploit the vulnerability.
This vulnerability could be triggered by publicly available
tools.
Safety measures
The precaution we can take is to see that the port is not opened
by default.
After serving its purpose, the port is immediately closed.
2) 3306/tcp mysql
Risks
Port 3306 is the default port used for SQL databases, and if
a hacker finds this vulnerability then he can corrupt your database
and access the whole database.
Basically, all database-related changes can be made.
It can also lead to financial loss.
Safety measures
To prevent the attack, the admin must ensure that directories
reachable through the MySQL port are not writable.
By default, this attack cannot be performed.
So, if the admin has done the following configuration, then an
attacker can check for directories that are writable.
3) 3389/tcp ms-wbt-server
Risks
If this port is activated or open, the attacker can violate
RDP (Remote Desktop Protocol).
Your system can be remotely hacked and all the data will be at
risk.
Mainly brute-force attacks are used for these types of violations.
Safety measures
To secure this you should change your account lockout
policies.
Admins can protect their network from brute-force attacks using an
account lockout policy.
Configure the following policies under Security setting > Account
policies > Account lockout policies.
The admin should not provide writable access to the import folders
or database tables.
4) 5432/tcp postgresql
Risks
If this port is open, the hacker can access data in a database
running on a different computer in the network.
This vulnerability of this port also leads to the loss of database
files. A large amount of data can be stolen.
Safety measures
For security, ensure that your firewall is always enabled.
Use paid antivirus for a fully secure system.
And always terminate the port after use.
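
The following is an added example, not part of the answer above: a short Python audit that parses nmap's port table and flags open ports that fall outside a public-exposure allowlist. The scan text is constructed, and the allowlist (only 443/tcp public) and the remediation notes are assumptions chosen for illustration.

```python
import re

# Constructed sample of nmap's normal output (not a real scan result).
SAMPLE_SCAN = """\
Nmap scan report for www.example.com (192.0.2.10)
Host is up (0.021s latency).
PORT     STATE    SERVICE
443/tcp  open     https
3306/tcp open     mysql
3389/tcp open     ms-wbt-server
5432/tcp open     postgresql
8080/tcp filtered http-proxy
"""

# Assumed policy for a public website: only these ports may face the internet.
PUBLIC_ALLOWED = {(443, "tcp")}

# Assumed remediation notes, keyed by the service name nmap reports.
REMEDIATION = {
    "mysql": "bind to localhost or firewall to the application servers only",
    "postgresql": "firewall to the application servers only; restrict pg_hba.conf",
    "ms-wbt-server": "take off the internet; reach RDP over a VPN, keep account lockout on",
}

PORT_LINE = re.compile(r"^(\d{1,5})/(tcp|udp)\s+(\S+)\s+(\S+)")

def parse_ports(text):
    """Yield (port, proto, state, service) for each row of nmap's port table."""
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            yield int(m.group(1)), m.group(2), m.group(3), m.group(4)

def audit(text):
    """Return findings for ports that are open but not in the public allowlist."""
    findings = []
    for port, proto, state, service in parse_ports(text):
        # 'closed' (nothing listening) and 'filtered' (probe dropped) are not exposures.
        if state != "open" or (port, proto) in PUBLIC_ALLOWED:
            continue
        advice = REMEDIATION.get(service, "confirm a business need, otherwise close or firewall")
        findings.append((port, proto, service, advice))
    return findings

if __name__ == "__main__":
    for port, proto, service, advice in audit(SAMPLE_SCAN):
        print(f"{port}/{proto} {service}: {advice}")
```

Running the same audit on a scan taken from outside the network after each firewall change confirms that the database and RDP ports no longer report as open.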