Critical

Ensure there is no unrestricted inbound access to TCP port 135 (RPC)

Security & Compliance
Description

TCP port 135 is used for the Microsoft Remote Procedure Call (RPC) service, which allows communication between different processes on a network. If this port is left open and unrestricted, it can be exploited by attackers to execute arbitrary code, gain unauthorized access to sensitive data or launch DDoS attacks. Therefore, ensuring that there is no unrestricted inbound access to TCP port 135 is crucial for maintaining the security and integrity of your network.

Remediation

Here are the steps to remediate the issue of unrestricted inbound access to TCP port 135 (RPC):

  1. Identify which systems are running RPC and have TCP port 135 open.
  2. Configure a firewall to block all inbound traffic to TCP port 135.
  3. If RPC is required for legitimate business purposes, consider implementing secure RPC by enabling authentication and encryption mechanisms such as SMB signing, IPsec, or Kerberos.
  4. Regularly monitor network traffic for any attempts to exploit the RPC protocol or to bypass the firewall rules.
  5. Keep systems up to date with the latest security patches and updates to minimize the risk of known vulnerabilities being exploited.
Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.

Step into the Future of SecOps