Exposed service(s)
What has been found
One or more services have been identified as accessible from the public internet. These services may be part of normal business operations; however, any externally exposed service increases your organisation’s attack surface and requires careful management to ensure it is properly secured.
Why this is a potential risk
Each internet-facing service introduces potential entry points that attackers can exploit. Even legitimate business services, if misconfigured, outdated, or poorly secured, can be leveraged to gain unauthorised access, exfiltrate data, or deploy malware. Attackers routinely scan for exposed services to exploit known vulnerabilities, weak authentication, or unpatched systems.
Best practice is to minimise publicly exposed services wherever possible, and to ensure that any necessary external access is hardened with strong authentication, encryption, and strict access controls.
Potential solutions/Improvements
- Review necessity: Confirm whether the exposed service is required to be accessible from the internet. Disable or restrict any unnecessary services.
- Restrict access: Use firewalls, access control lists (ACLs), or a VPN to limit access to trusted networks or authorised users only.
- Secure configurations: Ensure the service uses encrypted communication (HTTPS, SSH, etc.) and follows vendor security recommendations.
- Patch and maintain: Regularly update the service and any associated software to mitigate known vulnerabilities.
- Monitor and log: Continuously monitor for unusual activity or repeated access attempts and review logs for anomalies.
How to verify it is resolved:
- Perform an external vulnerability scan to ensure the service is no longer exposed.
- Review firewall and access control settings to confirm restrictions are in place.
- Ensure that access, if required, is secured with strong authentication and encryption.
- Regularly monitor logs for unauthorised access attempts.
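One way to script the exposure and firewall checks above from a vantage point outside your network, as an added example that is not part of the original advisory. The addresses, ports and the names EXPECTED, probe and verify are assumptions for illustration; list only hosts your organisation owns.

```python
import socket

# Constructed inventory: (host, port, state expected from the internet).
# 192.0.2.10 is a documentation address; replace with your own services.
EXPECTED = [
    ("192.0.2.10", 3389, "blocked"),  # service that was meant to be closed off
    ("192.0.2.10", 443, "open"),      # service that is intentionally public
]

def probe(host, port, timeout=3.0):
    """Attempt one TCP connection and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"            # handshake completed: service is reachable
    except ConnectionRefusedError:
        return "closed"              # host answered, nothing is listening
    except socket.gaierror:
        return "unresolved"          # name did not resolve: check is inconclusive
    except (socket.timeout, TimeoutError):
        return "filtered"            # no reply: typically dropped by a firewall
    except OSError:
        return "filtered"            # host or network unreachable on this path

def verify(expected, probe_fn=probe):
    """Return (host, port, expected, observed) for every entry that differs."""
    findings = []
    for host, port, want in expected:
        got = probe_fn(host, port)
        if want == "open":
            ok = got == "open"
        else:
            # "blocked" is satisfied by either a refusal or silence;
            # "unresolved" is reported because nothing was actually verified.
            ok = got in ("closed", "filtered")
        if not ok:
            findings.append((host, port, want, got))
    return findings

if __name__ == "__main__":
    problems = verify(EXPECTED)
    for host, port, want, got in problems:
        print(f"MISMATCH {host}:{port} expected {want}, observed {got}")
    if not problems:
        print("All listed services match their expected exposure.")
```

A result of "open" for an intentionally public service only confirms reachability; authentication and encryption still need to be checked separately.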