YALE-MSS-10.1: Disable unneeded ports, protocols, and services

Standards Group:
YALE-MSS-10: Network Exposure

Low Risk Endpoint: Required
Moderate Risk Endpoint: Required
High Risk Endpoint: Required
Low Risk Server: Required
Moderate Risk Server: Required
High Risk Server: Required
Low Risk Mobile Device: Required
Moderate Risk Mobile Device: Required
High Risk Mobile Device: Required
Low Risk Network Printer: Required
Moderate Risk Network Printer: Required
High Risk Network Printer: Required

Details

Disabling unnecessary ports, protocols, and services reduces the attack surface and lowers the risk of potential vulnerabilities that could be exploited.

Disable all ports, protocols, and services except for those that are required for the system to function.

Use Nmap, netstat, or a vulnerability scanner to determine which ports are open and which services are running on them.

If an unused port is open or service is enabled, disable it or block it via the host firewall.
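
One way to run the check described above, as an added example that is not part of the Yale standard: it compares netstat output with a list of required services and reports every listener not on that list. The Linux `netstat -tuln` column layout, the "proto/port" allowlist format, and all function names are assumptions made for this sketch; the sample data is constructed.

```sh
#!/bin/sh
# Added example: compare listening sockets against an approved list.
# Assumptions: Linux `netstat -tuln` column layout; the "proto/port" allowlist
# format and the function names are invented for this sketch.

# Reads `netstat -tuln` output on stdin; $1 is the allowlist file.
# Prints "proto/port local_address" for every listener not on the allowlist.
find_unapproved() {
    awk -v allow_file="$1" '
        BEGIN {
            # Load approved entries, ignoring blank lines and # comments.
            while ((getline line < allow_file) > 0) {
                sub(/#.*/, "", line); gsub(/[ \t]/, "", line)
                if (line != "") allowed[line] = 1
            }
        }
        $1 ~ /^tcp/ && $NF != "LISTEN" { next }   # skip non-listening TCP rows
        $1 ~ /^(tcp|udp)/ {
            proto = $1; sub(/6$/, "", proto)      # tcp6 -> tcp, udp6 -> udp
            n = split($4, part, ":")              # port follows the last colon
            key = proto "/" part[n]
            if (!(key in allowed)) print key, $4
        }
    '
}

# Constructed sample of `netstat -tuln` output (not from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp6       0      0 :::443                  :::*                    LISTEN
tcp6       0      0 :::23                   :::*                    LISTEN
udp        0      0 0.0.0.0:5353            0.0.0.0:*
EOF
}

# Constructed allowlist: the services this host is required to offer.
sample_allowlist() {
    printf '%s\n' '# required services' 'tcp/22   # ssh' 'tcp/443  # https'
}

# Demo on the sample data; on a real host pipe in `netstat -tuln` instead.
allow=$(mktemp) && sample_allowlist > "$allow"
sample_netstat | find_unapproved "$allow"
rm -f "$allow"
```

The local address is printed with each finding so a reviewer can tell loopback-only listeners from network-exposed ones before disabling the service or blocking the port at the host firewall.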

Configure an appropriate resource limit or cost cap on your cloud services. Attackers can make excessive requests to your cloud services, exhausting your resources or incurring a large bill. Implementing a resource limit or cost cap can mitigate this risk.