Publicly exposed protocols - open doors for attacks
The new ExtraHop Benchmarking Cyber Risk and Readiness Report shows a high percentage of organizations expose insecure or highly sensitive protocols, including SMB, TDS, LDAP and Telnet, to the public internet.
The report shows that SSH is the most exposed sensitive protocol, with 64% of organizations having at least one server exposing the protocol to the public internet. SSH is a well-designed protocol with good cryptography, but a breached SSH service can give an adversary full access to the compromised device and a strong foothold. It is therefore a favorite target for threat actors seeking access to and control of an organization's IT assets.
If well implemented, managed and strengthened with multi-factor authentication, SSH is not such an issue. What is more concerning are the other findings in the report:
LDAP is publicly accessible in 41% of organizations. Clever actors can leverage LDAP for information disclosure, for example discovering valid usernames. Often, the protocol runs in clear text without TLS encapsulation.
SMB (Server Message Block) appears to be exposed in 31% of organizations. SMB can be used for lateral movement and file transfers, and so should never be exposed publicly.
Amazingly, Telnet is still being used and exposed at 12% of organizations. Telnet should be disabled on all levels as it's a completely deprecated and insecure protocol.
FTP is still publicly available in 36% of organizations. FTP offers practically no security and can easily expose usernames and passwords in clear text.
Organizations should focus on strengthening their overall security posture, and especially on disabling all unnecessary or insecure protocols that are exposed and running on the public internet.
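As a starting point for that clean-up, the added example below (not part of the ExtraHop report) reads the output of `ss -H -tln` on a Linux host and lists the protocols named above that listen on a non-loopback address. The port numbers are the usual defaults and the sample input is constructed; a non-loopback bind only means the service is reachable beyond the host, so firewall and routing rules still decide whether it is internet-facing.

```python
import ipaddress

# Default ports for the protocols named in the report summary (assumed defaults;
# services moved to non-standard ports will not be matched).
SENSITIVE = {
    21: ("FTP", "disable: usernames and passwords travel in clear text"),
    22: ("SSH", "keep only if well managed and behind multi-factor authentication"),
    23: ("Telnet", "disable on all levels"),
    389: ("LDAP", "do not expose; often runs without TLS"),
    445: ("SMB", "never expose publicly"),
    1433: ("TDS", "sensitive: restrict to internal clients"),
}

def is_loopback(addr):
    """True when the bind address is reachable only from the host itself."""
    addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface scope
    if addr == "*":                        # ss prints * for a dual-stack wildcard
        return False
    return ipaddress.ip_address(addr).is_loopback

def audit_listeners(ss_output):
    """Return (protocol, bind_address, port, advice) for each risky listener."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit() or int(port) not in SENSITIVE:
            continue
        if is_loopback(addr):
            continue
        name, advice = SENSITIVE[int(port)]
        findings.append((name, addr, int(port), advice))
    return findings

# Constructed sample in the format of `ss -H -tln`, not data from the report.
SAMPLE = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:389 0.0.0.0:*
LISTEN 0 50 *:445 *:*
LISTEN 0 128 [::]:23 [::]:*
LISTEN 0 32 192.0.2.10:21 0.0.0.0:*
LISTEN 0 128 [::1]:1433 [::]:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
"""

if __name__ == "__main__":
    for name, addr, port, advice in audit_listeners(SAMPLE):
        print(f"{name:<7}{addr}:{port:<6}{advice}")
```

On a real host, pass the captured output of `ss -H -tln` to `audit_listeners` in place of `SAMPLE`.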
Read more in the ExtraHop report.