Genians
Identify and Mitigate
High Risk Port Vulnerabilities
Brett R. Hamill / Solution Architect
CHALLENGES
TOP CYBER ATTACK PORTS
Is Your Network Safe?
Lack of Visibility leads to network vulnerability
Devices and active ports need to be identified and monitored
Once identified, control is key to mitigate risk
A single solution for Admins allows for both Visibility and Control
The Problem
● High Risk ports are active on your network today
● These ports are the most common ports targeted
● These devices are at risk for Cyber Attacks
● Simple scanning only identifies that ports are active
● Must have ability to block devices on demand
“Alert Logic says that these appear in 65% of the incidents”
“According to the report, the ports most frequently used to carry out an attack are 22, 80, and 443, which correspond to SSH, HTTP and HTTPS”
Most Cyber Attacks Focus on Just Three TCP Ports
GENIAN NAC
Open Port Awareness
Identify devices with High Risk ports open
Block devices on-demand
Monitor for new devices with these ports active
Generate reporting to notify Admins real-time
The Solution
● Identify - Knowing is half the challenge
● Block - Immediate quarantine if desired
● Monitor - Ensure the network is safe moving forward
● Report - Notifying Admins is critical
Genian NAC Sensor technology monitors traffic on the network and reports
what ports are open on all active network nodes by default. This translates to
out-of-the-box open Port Awareness without specific configuration
requirements or setup.
Continual monitoring and reporting ensures that even after the initial risk is
mitigated, Admins will be notified whenever these High Risk ports light up on
the network allowing for real-time quarantine / mitigation.
IDENTIFY
Genian NAC Dashboard displays all active nodes
Open TCP/UDP ports are monitored in real-time
No special configuration required
Single click in Dashboard displays all active ports
From the Node Management view of the Dashboard, select Open Port under Status & Filters. A list of
active ports is displayed along with all nodes that have the listed TCP/UDP ports opened.
Review all listed devices
Determine if a device should be blocked
Quickly block device by MAC address
Device no longer can access the network and the risk is mitigated
The list of HTTP-enabled devices shows that one of the devices is a non-critical
device that should not have HTTP enabled. The device is easily blocked by MAC address.
BLOCK
Create Node Groups for High Risk ports
Enable Logging
From the Policy Menu, configure Node Groups for each of the three High Risk ports - 80, 443 and 22.
MONITOR
Verify Nodes match on Groups
Verify Logging
Verify Node Groups in Node Management and verify Node Group assignments in the logs.
MONITOR
Create Report Definition
Enable Auto-Generation
Specify Report Interval
Define Email Delivery
Enable reporting so Admins will receive an email at a specified interval advising what new nodes are
active on the network with any of the High Risk ports enabled.
REPORT
Top Cyber Attack Ports - Genian NAC Protection
With two thirds of Cyber Attacks occurring on three commonly enabled ports, active
open Port Awareness is an essential feature. Without this knowledge it is impossible to
assess the potential risk of exposure on a network.
With Genian NAC Sensor technology deployed, a separate vulnerability scanner is not
required. Fewer systems to manage means more time and efficiency for IT staff.
Additionally, knowing that a network is at risk because these High Risk ports are enabled
on various nodes is only half the battle. Being able to rapidly block nodes from the
network if required without tracking down the location of a device is crucial.
Genian NAC provides real-time open Port Awareness, a means to quickly and easily
block a node from network access, the ability to monitor any time a new device with
High Risk ports enabled connects to the network and built-in reporting so Admins can
mitigate the risk in a timely manner.
Rapid Deployment
No Network Changes
Visibility Enabled by Default
Quickly Address Risk
Easily Configure Monitoring and Reporting
HIGHLIGHTS
www.genians.com
Together. More Secure
