Insecure protocol in use
What has been found
Insecure protocol in use.
These protocols, typically unencrypted, transmit data in plain text and are vulnerable to interception when used over the general internet. Examples include FTP, Telnet, HTTP, and older versions of SMB.
Why this is a potential risk
Unencrypted protocols expose sensitive information, including credentials, configuration details, and data in transit, to interception by attackers. When such services are exposed to the internet, they become high-value targets for ransomware, data exfiltration, and unauthorised access. Exploiting these protocols is often trivial with widely available tools. Best practice is to restrict them to trusted internal networks or replace them with secure, encrypted alternatives.
Potential solutions/Improvements
- Replace insecure protocols: Use modern, encrypted equivalents, such as SFTP instead of FTP, HTTPS instead of HTTP, SSH instead of Telnet, and SMBv3 or higher instead of legacy SMB.
- Restrict access: Limit protocol usage to internal networks, trusted VPNs, or zero-trust access solutions.
- Secure configuration: Ensure strong authentication, encryption, and session integrity are enforced on all services.
- Patch and maintain: Keep software up to date and follow vendor hardening recommendations.
- Monitor and log: Enable logging of access attempts and abnormal activity to detect misuse or compromise.
How to verify it is resolved:
- Perform an external vulnerability scan to ensure the service is no longer exposed.
- Review firewall and access control settings to confirm restrictions are in place.
- Ensure that access, if required, is secured with strong authentication and encryption.
- Regularly monitor logs for unauthorised access attempts.
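
A host-side complement to the checks above, as an added example that is not part of the original finding text: it parses `ss -H -tln` output from a server you administer and reports listeners for the protocols named in this finding that are bound to anything other than loopback. The port-to-protocol map, the function names and the sample output are assumptions constructed for illustration; the parser assumes the column layout `ss` prints for TCP-only listings (State, Recv-Q, Send-Q, Local Address:Port).

```python
import ipaddress

# Default ports of the plaintext protocols this finding names (assumed mapping).
# Port 445 also carries SMBv3, so a hit there means "check the dialect".
PLAINTEXT_PORTS = {21: "FTP", 23: "Telnet", 80: "HTTP", 139: "SMB (NetBIOS)", 445: "SMB"}

# Constructed sample of `ss -H -tln` output (not taken from a real host).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 32 0.0.0.0:21 0.0.0.0:*
LISTEN 0 128 127.0.0.1:23 0.0.0.0:*
LISTEN 0 511 [::]:80 [::]:*
LISTEN 0 50 192.168.10.5:445 0.0.0.0:*
LISTEN 0 128 [::1]:80 [::]:*
LISTEN 0 128 *:443 *:*
"""

def split_local(field):
    """Split the ss local-address field into (address, port)."""
    addr, _, port = field.rpartition(":")
    addr = addr.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface scope
    return addr, int(port)

def exposure(addr):
    """Classify the bind address: all interfaces, loopback, internal or public."""
    if addr in ("*", "0.0.0.0", "::"):
        return "all interfaces"
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    return "internal" if ip.is_private else "public"

def find_plaintext_listeners(ss_output):
    """Return (protocol, address, port, exposure) for non-loopback plaintext listeners."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 4 or cols[0] != "LISTEN":
            continue  # skip blank lines and anything that is not a listening socket
        addr, port = split_local(cols[3])
        scope = exposure(addr)
        if port in PLAINTEXT_PORTS and scope != "loopback":
            findings.append((PLAINTEXT_PORTS[port], addr, port, scope))
    return findings

if __name__ == "__main__":
    for proto, addr, port, scope in find_plaintext_listeners(SAMPLE_SS):
        print(f"{proto:14} {addr}:{port}  bound to {scope}")
```

A listener reported as "internal" still needs the firewall review, and a port 80 listener that only redirects to HTTPS can be accepted after confirming it serves no content in plain text.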