Exposed services…huh? Open ports…what? Have you heard these terms mentioned recently and wondered what on earth they are? Or why are they important? We’re here to provide some clarity.
Exposed services and open ports actually mean the same thing… and they pose a cybersecurity risk to your school or kura. An open port allows your school to access a particular part of the internet, and generally allows access to a specific service. Ports are a crucial part of the internet – as all communication over the internet is exchanged via ports.
For example, in the case of our Safe & Secure Internet service, our recommended Firewall settings suggest five ports we recommend blocking to help provide a baseline level of protection to your network. Each of these five ports have a service attached to them (e.g. port 3389 is Remote Desktop, which schools use for remotely accessing the school network from home). The ports we allow schools access to depend on what the school tells us they want to have open.
When it comes to your school’s network, by having certain ports open (or exposed services) there’s a higher risk of your school becoming a target for the internet bad guys. Ports may initially be opened by schools for a purpose and then forgotten about, or staff may change and no one realises they’ve been left open. Open ports that are no longer needed can pose a major security risk, as appropriate security measures may not be in place.
Using an example of a house, it’s like forgetting that you left a window unlocked and, if a bad guy happens to find that window, then they can easily enter and cause trouble.
The Log4j incident in December 2021 is a real life example of a major vulnerability involving open ports. There’s been more recent examples such as the PaperCut vulnerability in April 2023. In these examples, a vulnerability is when a particular open port has an identified weak spot that puts networks at risk.
What can I do?
If you hear from us about a potential risk, we highly recommend you follow our advice to help protect your school’s network and ākonga. We have a dedicated Security team that constantly monitors the network and CERT NZ advisories for identified risks, so if we discover an open port that could impact your school, we’ll be in touch.
You can also ask your IT provider (or N4L if you don’t have one) to carry out an audit of your school’s open ports and determine whether there are any that could be closed.
For ports that are required to be open for your school, we recommend keeping on top of any security updates (patches) available for the service, system or device that the ports provide access to. Another useful idea is to create and maintain a register of what ports are open and have a process or regular reminder to check that your security patches are up to date. In some cases, there could even be a cloud-based offering that could be used instead, which makes this a lot easier – but we understand that making this switch can take time and effort (and sometimes, cost).
If your school or kura has ports that are open, there are a number of things that you can do to help reduce the risk:
- Close the port and allow access only via a VPN (Virtual Private Network).
- Restrict access to NZ traffic only (geo-restriction).
- Close the port if it’s no longer used, and only have ports open that the school requires.
- Speak to N4L or your IT provider about security options for the ports your school has open.
- Regularly patch services and devices that are connected to the internet to make sure patches are up to date – some will notify you when an update is available, and some will need to be proactively checked. It’s a good idea to have someone responsible at the school for checking and maintaining security updates, or checking whether these ports are still required on a regular basis.
As always, it’s important to know that there’s no way to guarantee 100% protection from online threats, but there are actions that you can take to help keep your school or kura’s online learning environment safer and more secure.
Moral of the story? All ports are risky to some extent, but as long as you have the appropriate security measures in place, you’ll be well on your way to providing a safer online learning environment.
And remember, if you hear from N4L about any open ports (or exposed services) that pose a security risk for your school or kura, please follow our advice to help protect you and your ākonga. If you have any questions or want to know more, we’re here to help. Give us a call on 0800 LEARNING (532 764) or email [email protected].
If you’d like to hear more from N4L, or see more blogs like this, why not subscribe?