CloudWiki
Rules
Critical

Ensure there is no unrestricted inbound access to TCP port 20 (FTP)

Security & Compliance
Description

TCP port 20 is the data-transfer port of FTP (File Transfer Protocol). If unrestricted inbound access to this port is allowed, it can lead to unauthorized access to FTP servers and to data exfiltration. Attackers can also launch FTP-based attacks such as brute-force attacks, command injection, and transfers of files carrying malicious payloads.

Remediation

To remediate unrestricted inbound access to TCP port 20 (FTP), you can take the following steps:

  1. Identify the system that is listening on TCP port 20 and determine whether FTP access is actually required.
  2. If FTP access is not required, disable the FTP service on the system that is listening on port 20. This is typically done by stopping the FTP server daemon or service.
  3. If FTP access is required, configure the service to use secure FTP (SFTP) or FTP over SSL (FTPS) so that traffic is encrypted and a further layer of security is added.
  4. If SFTP or FTPS cannot be used, implement a host-based or network-based firewall that restricts access to TCP port 20 to authorized hosts or networks only.
  5. Regularly review and update the firewall rules to ensure that only authorized hosts or networks retain access to the FTP service on TCP port 20.

By following these steps, you can mitigate the risk of unauthorized access to the FTP service running on TCP port 20 and protect sensitive data transmitted over the FTP protocol.
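As an added example (not part of this CloudWiki page or of the Lightlytics product), the following checker implements the condition behind steps 4 and 5: it flags security groups whose inbound rules leave TCP port 20 open to the whole internet. It assumes AWS EC2 security-group rules in the shape returned by describe-security-groups; the group ids and sample rules are constructed.

```python
from ipaddress import ip_network

FTP_DATA_PORT = 20  # FTP data channel

def rule_exposes_port(rule: dict, port: int = FTP_DATA_PORT) -> bool:
    """True if one EC2 IpPermission entry allows inbound `port` from 0.0.0.0/0 or ::/0."""
    proto = rule.get("IpProtocol")
    if proto == "-1":                        # "all traffic": every port is covered
        covers_port = True
    elif proto in ("tcp", "6"):              # TCP by name or IANA protocol number
        covers_port = rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)
    else:                                    # udp/icmp rules cannot expose a TCP port
        covers_port = False
    if not covers_port:
        return False
    sources = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    sources += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    # Only a /0 prefix is unrestricted; security-group and prefix-list sources are scoped.
    return any(ip_network(src, strict=False).prefixlen == 0 for src in sources)

def find_unrestricted_ftp_data(security_groups: list) -> list:
    """Return [(GroupId, offending IpPermission), ...] for groups leaving TCP/20 world-open."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            if rule_exposes_port(perm):
                findings.append((sg["GroupId"], perm))
    return findings

# Constructed sample in the shape of `aws ec2 describe-security-groups` output (ids are made up).
SAMPLE_GROUPS = [
    {"GroupId": "sg-ftp-open",      # violates the rule: 20-21 open to the whole IPv4 internet
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 20, "ToPort": 21,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-ftp-scoped",    # compliant: port 20 limited to an internal range (step 4)
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 20, "ToPort": 20,
          "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-all-traffic",   # violates the rule: "-1" covers port 20, ::/0 is unrestricted
     "IpPermissions": [
         {"IpProtocol": "-1", "IpRanges": [],
          "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]

if __name__ == "__main__":
    for group_id, perm in find_unrestricted_ftp_data(SAMPLE_GROUPS):
        print(f"{group_id}: {perm['IpProtocol']} rule exposes TCP/20 to the world")
```

Running it against the real account is a matter of feeding the `SecurityGroups` list from describe-security-groups into find_unrestricted_ftp_data; the same logic also catches "all traffic" rules, which a check on FromPort/ToPort alone would miss.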

Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.