
Turn off all those services and processes that have no use for your business

Written by Cyberangels
Updated over 2 years ago

Identifying and keeping track of the services and protocols used in your environment can be difficult. Below are some steps to get started and some tips to simplify management.

Scan and analyze environments

Scan your environments to find out what ports are open, what services are running, and what protocols are supported.

Validate the results of the network scan by manually retesting all business-critical or Internet-facing services. Although automated scanning is a valuable tool, false positives or negatives are possible. Compare multiple network scans to verify their accuracy.

Verify necessary services and protocols

Review network scan results to understand what services and protocols are needed.

Confirm whether open ports and the services that use them are still needed. Software installations often enable services automatically, even when those services are not needed for the functions being used.

Once you know which open ports are needed, find out which services and protocols are obsolete. These often have known vulnerabilities. For example, TLS 1.0 has been the subject of numerous vulnerabilities, and TLS 1.2 offers additional protection over TLS 1.1. TLS 1.3, which offers additional improvements over TLS 1.2, is also available.

Check whether obsolete protocols can be upgraded.

Analyze what the impact on the business would be if obsolete services and protocols were disabled. Before disabling any service or protocol, it is important to understand the impact, if any. For example, SMBv1 is obsolete and insecure, but it is still used by many multifunction devices (MFDs). Simply disabling it could have undesirable effects. Devices that still use the old protocols may need to be reconfigured or replaced before those protocols can be deactivated. Devices that cannot be replaced or reconfigured should be managed as legacy systems.

Performing this review will require time and resources. Document all information learned and exceptions encountered so that you do not have to repeat all the work in the future.
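The comparison and review steps above can be scripted so the documented decisions are reusable. The following is an added example, not part of the original article: it compares two scans and checks each open port against a record of approved services and legacy exceptions. The input format, addresses, and records are constructed for illustration.

```python
# Constructed sample data: two scans of the same hosts, one "host port/proto service" per line.
SCAN_A = """\
10.0.0.5 22/tcp ssh
10.0.0.5 443/tcp https
10.0.0.5 445/tcp microsoft-ds
10.0.0.9 23/tcp telnet
10.0.0.9 445/tcp microsoft-ds
10.0.0.9 9100/tcp jetdirect
"""
SCAN_B = SCAN_A.replace("10.0.0.9 23/tcp telnet\n", "")  # second scan did not see telnet

# Constructed records: services with a documented business need, and legacy exceptions.
APPROVED = {("10.0.0.5", 22, "tcp"): "admin access",
            ("10.0.0.5", 443, "tcp"): "customer portal",
            ("10.0.0.9", 9100, "tcp"): "printing"}
LEGACY = {("10.0.0.9", 445, "tcp"): "MFD scan-to-folder, cannot be reconfigured"}


def parse_scan(text):
    """Return {(host, port, proto): service} for one scan."""
    found = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        host, portproto, service = line.split()
        port, proto = portproto.split("/")
        found[(host, int(port), proto)] = service
    return found


def triage(scans, approved, legacy):
    """Classify every open port seen in any scan."""
    parsed = [parse_scan(s) for s in scans]
    report = {}
    for key in sorted(set().union(*parsed)):
        if not all(key in p for p in parsed):
            report[key] = "retest"            # scans disagree: verify manually
        elif key in legacy:
            report[key] = "legacy-exception"  # documented, managed as legacy
        elif key in approved:
            report[key] = "approved"
        else:
            report[key] = "unapproved"        # no recorded need: candidate to disable
    return report


if __name__ == "__main__":
    for (host, port, proto), status in triage([SCAN_A, SCAN_B], APPROVED, LEGACY).items():
        print(f"{host:<10} {port}/{proto:<4} {status}")
```

Ports marked "retest" are the ones to check manually before deciding anything, and "unapproved" ports need an impact analysis before they are disabled.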

Disable unnecessary services and protocols

Close ports and disable unnecessary services and protocols. This should be done on both the server side and the client side. Any services or protocols that do not have a business need are unnecessary and should be disabled.

These services and protocols must be disabled at the host level. Using technologies such as firewalls to block them is only a partial mitigation.
