Non-Standard Ports Are Under Cyberattack

By

If you like watching superhero movies, at some point you’ll hear characters talk about protecting their identities through anonymity. With the exception of Iron Man, hiding their true identities provides superheroes with a form of protection. Network security is similar in this respect.

‘Security through obscurity’ is a phrase that’s received both praise and criticism. If you drive your car on side streets instead of the freeway to avoid potential accidents, does that make you safer? Can you get to where you need to go as efficiently? It’s possible, but it doesn’t mean you can evade bad things forever.

Difference between standard and non-standard ports

Firewall ports are assigned by the Internet Assigned Numbers Authority (IANA) to serve specific purposes or services.

While there are over 40,000 registered ports, only a handful are commonly used. They are the ‘standard’ ports. For example, HTTP (web pages) uses port 80, HTTPS (websites that use encryption) uses port 443 and SMTP (email) uses port 25.

Firewalls configured to listen on these ports are available to receive traffic. Cybercriminals know this too, so most of their attacks target the commonly used ports. Of course, companies typically fortify these ports against threats.

In response to the barrage of attacks aimed at standard ports, some organizations have turned to using ‘non-standard’ ports for their services. A non-standard port is one that is used for a purpose other than its default assignment. Using port 8080 instead of port 80 for web traffic is one example.

This is the ‘security through obscurity’ strategy. While it may keep cybercriminals confused for a while, it’s not a long-term security solution. Also, it can make connecting to your web server more difficult for users because their browser is pre-configured to use port 80.

Attacks on non-standard ports

Data in the 2019 SonicWall Cyber Threat Report indicates that the number of attacks directed at non-standard ports has grown. In 2017, SonicWall found that over 17.7% of malware attacks came over non-standard ports.

In comparison, that number was 19.2% in 2018, an increase of 8.7 percent. December 2018 alone hit an even higher number at 23%.

How do I protect non-standard ports?

The best defense against cyberattacks targeting services across both standard and non-standard ports is to have a layered security strategy.

Using ‘security through obscurity’ is just one layer. Relying on it too heavily, however, won’t provide the level of security you need. It may help against port scans, but it won’t stop cyberattacks that are more focused.

You’ll also want to take some other actions, such as changing passwords frequently, using two-factor authentication, and applying patches and updates. And, you’ll want to use a firewall that can analyze specific artifacts instead of all traffic (i.e., proxy-based approach).

This post is also available in: Italian

SonicWall Staff