Scans Confirm: The Internet is a DumpRapid7's Tod Beardsley Warns of Millions of Unsecured Ports
The internet is a dump. That's the takeaway from a massive scan of open internet ports, which confirms long-held assumptions that old, insecure Internet protocols not only never die, but may still thrive, says security researcher Tod Beardsley.
The findings come after Beardsley and his team at security firm Rapid7 scanned the internet in April and May, cataloging the prevalence of 30 top protocols.
See Also: Managing API Security
"We, through port scanning, take a look at ... what's actually out on the internet," says Beardsley, who heads Rapid7's research team. "The reason why we're doing it is because basically no one else seems to be."
Some of the results aren't pretty. Notably, many old Internet protocols - including telnet and FTP - continue to be in widespread use, and used insecurely. As revealed in Rapid7's resulting "National Exposure Index," some countries are better than others, with Belgium taking first place for worst offender.
In this video interview with Information Security Media Group at the Infosec Europe conference in London, Beardsley details:
- The top 10 protocols used on the internet, and the security implications.
- Which countries are "most exposed" by the use of insecure protocols.
- Why using encrypted Internet protocols remains so important.
- The need for better education around how services can - and must - be deployed and maintained in a secure manner.
Beardsley says his team plans to regularly scan the internet anew, and hopes - especially as the Internet of Things continues to take off - people will learn from the results. "We can make sure we're engineering the internet that we want to have, rather than the one that we just grew over time," he says.
Beardsley is the senior security research manager at Rapid7, and has more than 20 years of hands-on security knowledge and experience. He's held IT operations and information security positions in such organizations as 3Com, Dell and Westinghouse, and is a regular speaker at developer and security conferences. He's also a contributor to the open source vulnerability testing framework project Metasploit.
Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.