Identifying and Closing Unnecessary Ports

Minimizing exposed ports reduces attack surface significantly. Many systems run unnecessary services by default, creating security risks without providing business value. Systematic identification and elimination of these services hardens systems against potential exploits.

Linux systems use various tools to identify listening ports and associated processes:

# Show all listening ports with process information
sudo ss -tlnp
sudo netstat -tlnp  # Legacy command

# Find process using specific port
sudo lsof -i :80
sudo fuser 80/tcp

# Detailed socket statistics
ss -s
ss -ta state established

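# Check for suspicious listeners (anything not bound to loopback)
# The loopback pattern is anchored so that ':::111' is not mistaken for '::1'
sudo netstat -tlnp | grep LISTEN | grep -v -E '[[:space:]](127\.0\.0\.1|::1):'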
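
As an added example (not from the original page), the listing can be turned into an allowlist check: the function below reads `ss -tlnp` output and reports listeners that are not loopback-only and whose port is not approved. The function names, the sample output and the approved ports 22 and 443 are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): report TCP listeners that are
# reachable from other hosts and whose port is not on an approved list.
# Usage: sudo ss -tlnp | unexpected_listeners 22 443

unexpected_listeners() {    # stdin: `ss -tlnp` output; args: approved ports
    awk -v allowed="$*" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 != "LISTEN" { next }                        # skip the header row
        {
            port = $4; sub(/.*:/, "", port)            # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)        # text before the last colon
            sub(/%.*/, "", addr)                       # drop interface scope such as %lo
            gsub(/\[|\]/, "", addr)                    # drop IPv6 brackets
            if (addr ~ /^127\./ || addr == "::1") next # loopback-only listener
            if (port in ok) next                       # approved service
            proc = "unknown"                           # process names need root
            if (match($0, /\(\("[^"]+"/)) proc = substr($0, RSTART + 3, RLENGTH - 4)
            print port, addr, proc
        }
    ' | LC_ALL=C sort -u | LC_ALL=C sort -n
}

# Constructed sample input (hypothetical host), in the layout `ss -tlnp` prints.
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*     users:(("sshd",pid=812,fd=3))
LISTEN 0      4096       127.0.0.1:631       0.0.0.0:*     users:(("cupsd",pid=700,fd=7))
LISTEN 0      4096   127.0.0.53%lo:53        0.0.0.0:*     users:(("systemd-resolve",pid=600,fd=14))
LISTEN 0      4096         0.0.0.0:111       0.0.0.0:*     users:(("rpcbind",pid=640,fd=4))
LISTEN 0      4096            [::]:111          [::]:*     users:(("rpcbind",pid=640,fd=6))
LISTEN 0      128            [::1]:631          [::]:*     users:(("cupsd",pid=700,fd=6))
LISTEN 0      511                *:8080            *:*     users:(("node",pid=2301,fd=19))
EOF
}

# Demo: only SSH and HTTPS are approved on this hypothetical host.
sample_ss_output | unexpected_listeners 22 443
```

Each output line is `port address process`; an empty result means every externally reachable listener is on the approved list.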

Windows provides similar capabilities through PowerShell and built-in utilities:

# List all listening ports with process information
Get-NetTCPConnection -State Listen | Select-Object LocalAddress, LocalPort, OwningProcess, @{Name="Process";Expression={(Get-Process -Id $_.OwningProcess).ProcessName}}

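# Find process using specific port (listening sockets only, one entry per process)
Get-Process -Id (Get-NetTCPConnection -LocalPort 80 -State Listen | Select-Object -ExpandProperty OwningProcess -Unique)

# Comprehensive port and service audit
# Get-Service objects carry no process ID, so query Win32_Service instead
Get-CimInstance -ClassName Win32_Service -Filter "State = 'Running'" | ForEach-Object {
    $service = $_
    if ($service.ProcessId -gt 0) {
        # Processes without listeners raise a "not found" error, which is suppressed here
        Get-NetTCPConnection -OwningProcess $service.ProcessId -State Listen -ErrorAction SilentlyContinue |
            Select-Object @{Name="Service";Expression={$service.Name}}, LocalAddress, LocalPort, OwningProcess
    }
}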

Disable unnecessary services to close associated ports permanently:

# Linux service management
sudo systemctl disable --now cups  # Disable printing service
sudo systemctl disable --now avahi-daemon  # Disable mDNS
sudo systemctl mask bluetooth  # Prevent service from starting

# Remove unnecessary packages
sudo apt-get purge rpcbind nfs-common  # Remove NFS if unused
sudo yum remove telnet-server rsh-server  # Remove insecure services

Windows service hardening requires careful consideration of dependencies:

# Disable unnecessary services
Stop-Service -Name "Spooler" -Force
Set-Service -Name "Spooler" -StartupType Disabled

# Disable services via registry for persistence
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\RemoteRegistry" -Name Start -Value 4

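# Review and disable scheduled tasks that may open ports
# Match on the action's command line; the action object itself only stringifies to its class name
Get-ScheduledTask | Where-Object {$_.State -eq "Ready"} | ForEach-Object {
    $task = $_
    $task.Actions | Where-Object {"$($_.Execute) $($_.Arguments)" -match "network|listen|server"} |
        Select-Object @{Name="TaskName";Expression={$task.TaskName}}, Execute, Arguments
}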