Disabling vs blocking ports
teancum144
Member Posts: 229 ■■■□□□□□□□
in Security+
Ran across a question worded similarly to the following:
By disabling unused ports, an administrator can
a. Block open ports
b. Prevent spam
c. Prevent viruses
d. Limit access
I picked 'a', but the answer is 'd'. The explanation says disabling will close, but cannot block, ports on a device and that firewalls block ports.
Two examples of disabling ports are provided in the explanation. One, is a switch port and the other is a service port (disabled by disabling the service). In either case, wouldn't disabling the port (disabled switch port or no service enabled/listening) effectively block the port? Can a disabled port still be attacked?
By disabling unused ports, an administrator can
a. Block open ports
b. Prevent spam
c. Prevent viruses
d. Limit access
I picked 'a', but the answer is 'd'. The explanation says disabling will close, but cannot block, ports on a device and that firewalls block ports.
Two examples of disabling ports are provided in the explanation. One, is a switch port and the other is a service port (disabled by disabling the service). In either case, wouldn't disabling the port (disabled switch port or no service enabled/listening) effectively block the port? Can a disabled port still be attacked?
If you like my comments or questions, you can show appreciation by clicking on the reputation badge/star icon near the lower left of my post.
Comments
-
Mrock4 Banned Posts: 2,359 ■■■■■■■■□□The wording in that question is tricky. I think what they were meaning when they said "Block open ports" was blocking service ports (ie: TCP 80, UDP 53, etc). Does disabling an unused port "block" all ports? I guess you could look at it that way. I could also argue that disabling a port prevents viruses since the host can't get on the network..but that's a stretch.
It's one of those questions where you kind of have to use the process of elimination. Let's quickly eliminate B and C. Between A and D, which is the best? I'd probably go with D since A can be interpreted multiple ways, and it's pretty obvious that disabling the port would limit access to the network. It's a tough one. -
Darril Member Posts: 1,588The wording indicates to me that they are referring to the physical ports on a switch rather than the well known logical ports.
In general, we would disable a physical port to prevent access (or limit access) via that port. For example, if a switch has 24 ports, but only 20 ports are used, you would disable the other four. This switch will likely still have 24 cables running from it to a room and connected to wall jacks, but if computers are not connected to the wall jack, you disable the wall jack by disabling the physical port at the switch. When the port is disabled, the switch does not pass any traffic on that port so unless the attacker has physical access to the switch, they cannot attack it.
In general, we block (or allow) logical ports (25, 80, and so on) to block traffic using that logical port.
Hope this helps.