:star: G9 Control of Network Ports (:checkered_flag: G9-4 Verify any…
:star: G9 Control of Network Ports
Ensure that only ports, protocols, and services with validated business needs are running on each system.
Perform automated port scans on a regular basis against all key servers and compare the results to a known effective baseline. If a change that is not listed on the organization's approved baseline is discovered, an alert should be generated and reviewed.
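
The baseline comparison described above, as an added example that is not part of the original control text: it parses nmap grepable (-oG) output and reports every deviation from an approved baseline. The hosts, ports, baseline contents and function names are constructed for illustration.

```python
# Added example; hosts, ports and the baseline are constructed sample data.
import re

# Approved baseline: host -> set of (port, protocol) with a validated business need.
BASELINE = {
    "192.0.2.10": {(22, "tcp"), (443, "tcp")},
    "192.0.2.20": {(22, "tcp"), (5432, "tcp")},
}

# Constructed sample in nmap grepable (-oG) format.
SCAN_OUTPUT = """\
Host: 192.0.2.10 (web01)\tStatus: Up
Host: 192.0.2.10 (web01)\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///, 8080/open/tcp//http-proxy///
Host: 192.0.2.20 (db01)\tPorts: 22/open/tcp//ssh///, 3306/closed/tcp//mysql///
Host: 192.0.2.30 (unknown)\tPorts: 23/open/tcp//telnet///
"""

HOST_RE = re.compile(r"^Host:\s+(\S+)")

def parse_open_ports(grepable):
    """Return {host: {(port, proto), ...}} for ports reported as open."""
    found = {}
    for line in grepable.splitlines():
        m = HOST_RE.match(line)
        if not m or "Ports:" not in line:
            continue
        ports = found.setdefault(m.group(1), set())
        # The Ports field ends at the next tab (e.g. before "Ignored State:").
        field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for entry in field.split(","):
            parts = entry.strip().split("/")  # port/state/proto/owner/service/...
            if len(parts) >= 3 and parts[1] == "open" and parts[0].isdigit():
                ports.add((int(parts[0]), parts[2]))
    return found

def diff_against_baseline(observed, baseline):
    """Return alert tuples (kind, host, port, proto) for every deviation."""
    alerts = []
    for host in sorted(set(observed) | set(baseline)):
        seen, approved = observed.get(host, set()), baseline.get(host, set())
        kind_new = "unapproved-port" if host in baseline else "unknown-host"
        alerts += [(kind_new, host, p, proto) for p, proto in sorted(seen - approved)]
        # An approved service that disappeared is also a change worth reviewing.
        alerts += [("missing-port", host, p, proto) for p, proto in sorted(approved - seen)]
    return alerts

if __name__ == "__main__":
    for alert in diff_against_baseline(parse_open_ports(SCAN_OUTPUT), BASELINE):
        print("ALERT", *alert)
```
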
Verify any server that is visible from the internet or an untrusted network, and if it is not required for business purposes, move it to an internal VLAN and give it a private address.
Place application firewalls in front of any critical servers to verify and validate the traffic going to the server. Any unauthorized services or traffic should be blocked and an alert generated.