CIS Logo
tagline: Confidence in the Connected World
HomeCIS ControlsCIS Control 9: Limitation and Control of Network Ports, Protocols, and Services
Young men working on a computer

CIS Control 9

Limitation and Control of Network Ports, Protocols, and Services

Key Principle:

Manage (track/control/correct) the ongoing operational use of ports, protocols, and services on networked devices in order to minimize windows of vulnerability available to attackers.

Why is this CIS Control critical?

Attackers search for remotely accessible network services that are vulnerable to exploitation. Common examples include poorly configured web servers, mail servers, file and print services, and domain name system (DNS) servers installed by default on a variety of different device types, often without a business need for the given service. Many software packages automatically install services and turn them on as part of the installation of the main software package without informing a user or administrator that the services have been enabled. Attackers scan for such issues and attempt to exploit these services, often attempting default user IDs and passwords or widely available exploitation code.

Main Points:
  • Ensure that only ports, protocols, and services with validated business needs are running on each system.
  • Apply host-based firewalls or port filtering tools on end systems, with a default-deny rule that drops all traffic except those services and ports that are explicitly allowed.

See the full text of this CIS Control and the other 20 CIS Controls

Secure Your Organization Against the Most Common Attack Vectors


Arrow First 5 CIS Controls Arrow All 20 CIS Controls

Developed, validated and prioritized by a volunteer community of cybersecurity experts.

Information Hub: Limitation and Control of Network Ports, Protocols, and Services