Posts

Porte non standard sotto attacco

Nei film di supereroi a un certo punto si vedono dei personaggi che parlano di proteggere la loro identità con l’anonimato. Ad eccezione di Iron Man, nascondere la propria identità conferisce ai supereroi una sorta di protezione. La sicurezza delle reti è qualcosa di simile.

“La sicurezza nell’oscurità” è un’affermazione che viene apprezzata ma anche criticata. Se si guida un’auto su strade secondarie anziché in autostrada per evitare incidenti, ci si può sentire sicuri? Si arriva a destinazione in tempo? È possibile, ma ciò non significa poter sempre evitare i problemi.

Differenza tra porte standard e non

Le porte dei firewall vengono assegnate dalla Internet Assigned Numbers Authority (IANA) per fini o servizi specifici.

A fronte delle oltre 40.000 porte registrate, solo poche vengono comunemente utilizzate. Si tratta delle cosiddette porte “standard”. Ad esempio, HTTP (pagine) utilizza 80 porte, HTTPS (siti web che utilizzano codifiche) utilizza la porta 443 ed SMTP (email) la porta 25.

I firewall configurati per dialogare con queste porte sono disponibili per la ricezione del traffico. I cibercriminali lo sanno, per cui molti attacchi prendono di mira le porte comunemente utilizzate. Ovviamente, le aziende normalmente rafforzano queste porte contro le minacce.

In risposta alla moltitudine di attacchi che prendono come bersaglio le porte standard alcune organizzazioni hanno deciso di utilizzare porte “non standard” per i loro servizi. Le porte non standard vengono utilizzate per scopi diversi da quelli prestabiliti. Un esempio è l’uso della porta 8080 al posto della porta 80 per il traffico web.

Si tratta della cosiddetta strategia di “sicurezza nell’oscurità”. Anche se per qualche tempo i cibercriminali restano disorientati, non si tratta di una soluzione a lungo termine. Inoltre essa può rendere più difficile per gli utenti collegarsi ai server web dal momento che i browser sono preconfigurati per utilizzare la porta 80.

Attacchi contro porte non standard

I dati del Rapporto SonicWall 2019 sulle ciberminacce indicano che il numero di attacchi rivolto contro le porte non standard è aumentato. Nel 2017 SonicWall ha riscontrato che più del 17,7% degli attacchi malware è passato attraverso porte non standard.

A fronte del dato del 2018, 19,2%, si è avuto un aumento dell’8,7%. Nel solo mese di dicembre del 2018 la percentuale è salita addirittura al 23%.

Che cosa fare per proteggere le porte non standard?

La miglior difesa contro i ciberattacchi sferrati contro i servizi attraverso porte standard e non, consiste nell’adottare una strategia di difesa multilivello.

La ”sicurezza nell’oscurità” è solo uno di essi. Fare eccessivo affidamento su di essa non garantisce comunque il necessario livello di sicurezza. Può essere d’aiuto contro la scansione delle porte, ma non ferma i ciberattacchi più mirati.

Per questo occorre adottare azioni più incisive, come il cambio frequente delle password, l’uso dell’autenticazione a due fattori e l’installazione di patch e aggiornamenti. E si può anche decidere di utilizzare un firewall in grado di analizzare determinati aspetti anziché tutto il traffico (ad esempio un approccio basato su proxy).

 

Non-Standard Ports Are Under Cyberattack

If you like watching superhero movies, at some point you’ll hear characters talk about protecting their identities through anonymity. With the exception of Iron Man, hiding their true identities provides superheroes with a form of protection. Network security is similar in this respect.

‘Security through obscurity’ is a phrase that’s received both praise and criticism. If you drive your car on side streets instead of the freeway to avoid potential accidents, does that make you safer? Can you get to where you need to go as efficiently? It’s possible, but it doesn’t mean you can evade bad things forever.

Difference between standard and non-standard ports

Firewall ports are assigned by the Internet Assigned Numbers Authority (IANA) to serve specific purposes or services.

While there are over 40,000 registered ports, only a handful are commonly used. They are the ‘standard’ ports. For example, HTTP (web pages) uses port 80, HTTPS (websites that use encryption) uses port 443 and SMTP (email) uses port 25.

Firewalls configured to listen on these ports are available to receive traffic. Cybercriminals know this too, so most of their attacks target the commonly used ports. Of course, companies typically fortify these ports against threats.

In response to the barrage of attacks aimed at standard ports, some organizations have turned to using ‘non-standard’ ports for their services. A non-standard port is one that is used for a purpose other than its default assignment. Using port 8080 instead of port 80 for web traffic is one example.

This is the ‘security through obscurity’ strategy. While it may keep cybercriminals confused for a while, it’s not a long-term security solution. Also, it can make connecting to your web server more difficult for users because their browser is pre-configured to use port 80.

Attacks on non-standard ports

Data in the 2019 SonicWall Cyber Threat Report indicates that the number of attacks directed at non-standard ports has grown. In 2017, SonicWall found that over 17.7% of malware attacks came over non-standard ports.

In comparison, that number was 19.2% in 2018, an increase of 8.7 percent. December 2018 alone hit an even higher number at 23%.

How do I protect non-standard ports?

The best defense against cyberattacks targeting services across both standard and non-standard ports is to have a layered security strategy.

Using ‘security through obscurity’ is just one layer. Relying on it too heavily, however, won’t provide the level of security you need. It may help against port scans, but it won’t stop cyberattacks that are more focused.

You’ll also want to take some other actions, such as changing passwords frequently, using two-factor authentication, and applying patches and updates. And, you’ll want to use a firewall that can analyze specific artifacts instead of all traffic (i.e., proxy-based approach).

Connecting and Protecting the Remote Islands of Corporate IT – BYOD and Mobility

How Dell and SonicWall’s SMA and Next-Generation Firewall solution builds secure virtual bridges for today’s fragmented environments

As employees are no longer restricted to the physical structures of their company headquarters, what and how they connect to their corporate network presents a multitude of challenges. Corporate IT environments consist of a seemingly uncontrollable combination of devices, operating systems, and geographic locations. Securely connecting all of these is one of the most crucial IT initiatives companies are faced with as Gartner reports that 70% of mobile professionals will conduct their work on personal smart devices by 2018.

As we are all well aware, all endpoints pose significant threats to network security. Specifically, BYOD consumer devices are usually the most difficult to manage and secure. Data loss or leakage and unauthorized access or transmission are a constant concern. Mobile devices can also retain sensitive or proprietary data while wirelessly connected to the corporate network. White-listing apps for distribution on IOS and Android platforms help lock down mobile devices, but unmanaged laptops require greater endpoint control via the VPN.

What can you do to protect it all?

Dell and SonicWall’s VPN and Next-Generation Firewall solution delivers a layered defense strategy to ensure employees have the access they need while providing the security the company requires.

Components of a VPN and Next-Generation Firewall Solution:

  • Secure Mobile Access (SMA) Appliances – Provide mobility and secure access for up to 20,000 concurrent users from a single, powerful, and granular access control engine.
  • Next-Generation Firewalls – Network security, control, and visibility through sandboxing, SSL inspection, intrusion prevention, anti-malware, application identification, and content filtering.
  • Remote Access Management & Reporting – Powerful, web-based remote IT management platform to streamline appliance management and provide extensive reporting.
  • VPN Clients/Mobile Connect – Simple, policy-enforced secure access to mission-critical applications and data for iOS, OS X, Android, Chrome OS, Kindle Fire, and Windows mobile devices.

Deploying a SonicWall VPN and Next-Generation Firewall solution provides multi-layered protection that can authorize, decrypt, and remove threats from SSL VPN traffic before it enters the network environment. The dual protection of a SonicWall SMA and Next-Generation Firewall is critical to ensuring the security of both VPN access and traffic. SonicWall’s remote access management and reporting also allows organizations to view, define, and enforce how application and bandwidth assets are used.

Securely connecting your workforce, partners, and customers has never been more important. Reach out today to your Dell and SonicWall contacts today to learn what implementing a SonicWall VPN and Next-Generation Firewall solution can mean for the future of your company.