Cool Halo Trick #10: Detecting unexpected open listening ports on your network interface

Problem: You want to know if an unexpected port opens up and starts listening on any of your cloud servers.

Step 1.
Create a “Network Service Accessibility” configuration check, which lists all open ports on a given network interface. The check verifies that only the ports you specify are open on the server’s interfaces.

For this check, in addition to interrogating for network services from within the server, Halo identifies which open ports are accessible from the Internet.

Step 2.

Add the check to your existing configuration policy. Any time a configuration scan is run, the check will “fail” if any port that isn’t specified is found to be open on the network interface. If there are multiple ports specified, those that are meant to be open are listed in green, while those that should not be open are marked in red.

You can also tick the “alert” check box, so if you’ve set up Halo Logging and Alerting, you will receive an alert if the configuration check fails and an unexpected open port starts listening on your network interface.
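The check described in Steps 1 and 2 boils down to "enumerate listening sockets, compare against an allow-list, fail on anything extra". The following Python script is an added illustration of that logic, not Halo's own code: it parses a constructed sample of `ss -ltn` output, classifies each listener as expected, unexpected, or loopback-only (an assumption here: sockets bound only to 127.0.0.1 or ::1 are reported but do not fail the check, since they are not reachable from the network), and produces a pass/fail result in the spirit of the green/red listing above. Port numbers in the sample and the allow-list are made up for the example.

```python
import subprocess
from dataclasses import dataclass

# Constructed sample of `ss -ltn` output; not captured from a real host.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       128     127.0.0.1:5432       0.0.0.0:*
LISTEN  0       511     *:80                 *:*
LISTEN  0       128     [::]:22              [::]:*
LISTEN  0       50      0.0.0.0:4444         0.0.0.0:*
"""

LOOPBACK_ADDRESSES = {"127.0.0.1", "::1"}


@dataclass(frozen=True)
class Listener:
    address: str  # local bind address, e.g. "0.0.0.0", "::", "*", "127.0.0.1"
    port: int

    @property
    def loopback_only(self) -> bool:
        return self.address in LOOPBACK_ADDRESSES


@dataclass(frozen=True)
class CheckResult:
    passed: bool
    expected_open: list[int]    # allowed ports that are actually listening (green)
    unexpected_open: list[int]  # listening on a network-reachable address, not allowed (red)
    loopback_only: list[int]    # not allowed, but bound to loopback only (informational)


def parse_listeners(ss_output: str) -> list[Listener]:
    """Turn `ss -ltn` text into Listener records; ignores the header line."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # Local Address:Port is the 4th column; rpartition copes with IPv6
        # forms such as "[::]:22" as well as "*:80" and "0.0.0.0:22".
        addr, _, port = fields[3].rpartition(":")
        listeners.append(Listener(addr.strip("[]"), int(port)))
    return listeners


def check_open_ports(ss_output: str, allowed_ports: set[int]) -> CheckResult:
    """Allow-list check: fail if any non-loopback listener is outside allowed_ports."""
    listeners = parse_listeners(ss_output)
    expected = {l.port for l in listeners if l.port in allowed_ports}
    unexpected = {l.port for l in listeners
                  if l.port not in allowed_ports and not l.loopback_only}
    loopback = {l.port for l in listeners
                if l.port not in allowed_ports and l.loopback_only}
    return CheckResult(
        passed=not unexpected,
        expected_open=sorted(expected),
        unexpected_open=sorted(unexpected),
        loopback_only=sorted(loopback),
    )


def format_report(result: CheckResult) -> str:
    """Plain-text equivalent of the green/red port listing."""
    lines = ["PASS" if result.passed else "FAIL"]
    lines += [f"  [ok]         {p}" for p in result.expected_open]
    lines += [f"  [UNEXPECTED] {p}" for p in result.unexpected_open]
    lines += [f"  [loopback]   {p}" for p in result.loopback_only]
    return "\n".join(lines)


def collect_from_host() -> str:
    """Run `ss -ltn` on the local Linux host (assumes iproute2 is installed)."""
    return subprocess.run(["ss", "-ltn"], capture_output=True, text=True,
                          check=True).stdout


if __name__ == "__main__":
    # Hypothetical policy: only SSH and HTTP may listen on network interfaces.
    result = check_open_ports(SAMPLE_SS_OUTPUT, allowed_ports={22, 80})
    print(format_report(result))
```

Run as-is it evaluates the embedded sample and reports a FAIL because of the listener on 4444; swap `SAMPLE_SS_OUTPUT` for `collect_from_host()` to evaluate a live host, and wire a non-zero exit on `passed == False` into whatever scheduler or alerting you already use.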

