Manage (track/control/correct) the ongoing operational use of ports, protocols, and services on networked devices in order to minimize windows of vulnerability available to attackers.
[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]
Associate active ports, services, and protocols to the hardware assets in the asset inventory.
Ensure that only network ports, protocols, and services listening on a system with validated business needs are running on each system.
Perform automated port scans on a regular basis against all systems and alert if unauthorized ports are detected on a system.
Apply host-based firewalls or port-filtering tools on end systems, with a default-deny rule that drops all traffic except those services and ports that are explicitly allowed.
Place application firewalls in front of any critical servers to verify and validate the traffic going to the server. Any unauthorized traffic should be blocked and logged.
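The inventory association, business-need validation, and automated port scan items above can be tied together in one check. The following is an added example, not code from CIS or csf.tools: it parses nmap grepable output (-oG) and compares the open ports against an asset inventory of approved ports. The inventory contents, addresses, and scan lines are constructed sample data, and the finding names are hypothetical. It goes slightly beyond the text by also flagging approved ports that are no longer listening, which points to a stale approval worth reviewing.

```python
import re

# Constructed asset inventory: host IP -> approved (port, proto) pairs, each
# mapped to the business need that justifies it. All values are hypothetical.
INVENTORY = {
    "10.0.0.5": {(22, "tcp"): "admin SSH", (443, "tcp"): "public web"},
    "10.0.0.9": {(22, "tcp"): "admin SSH", (5432, "tcp"): "app database"},
}

# Constructed sample of nmap grepable output (-oG); not from a real scan.
SCAN = """\
Host: 10.0.0.5 (web01)\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///, 8080/open/tcp//http-proxy///
Host: 10.0.0.9 (db01)\tPorts: 22/open/tcp//ssh///, 5432/closed/tcp//postgresql///
Host: 10.0.0.77 ()\tPorts: 23/open/tcp//telnet///
"""

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(.*?\)\s+Ports:\s+(.*)$")

def parse_grepable(text):
    """Return {ip: set((port, proto))} containing only ports reported open."""
    observed = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue
        ip, ports = m.groups()
        found = observed.setdefault(ip, set())
        # Anything after a tab is a further field (e.g. "Ignored State").
        for entry in ports.split("\t")[0].split(","):
            fields = entry.strip().split("/")
            if len(fields) >= 3 and fields[1] == "open":
                found.add((int(fields[0]), fields[2]))
    return observed

def audit(inventory, observed):
    """Compare scan results to the inventory and return alertable findings."""
    findings = []
    for ip in sorted(observed):
        if ip not in inventory:  # host is not a known asset at all
            findings.append(("UNKNOWN_ASSET", ip, sorted(observed[ip])))
            continue
        extra = sorted(observed[ip] - set(inventory[ip]))
        if extra:  # listening without a validated business need
            findings.append(("UNAUTHORIZED_PORT", ip, extra))
    for ip in sorted(inventory):
        missing = sorted(set(inventory[ip]) - observed.get(ip, set()))
        if missing:  # approved but not listening: stale approval to review
            findings.append(("APPROVED_NOT_LISTENING", ip, missing))
    return findings

if __name__ == "__main__":
    for kind, ip, ports in audit(INVENTORY, parse_grepable(SCAN)):
        print(kind, ip, ports)
```

Run on a schedule against fresh scan output, any UNAUTHORIZED_PORT or UNKNOWN_ASSET finding is the alert condition the port scan item calls for.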