When people think about "the internet," they tend to think of the web, which runs on HTTP and HTTPS. But there’s also telnet, SSH, FTP, SMTP, and the other protocols that run on TCP/IP out there, and they represent an inherent insecurity because they tend to run over unencrypted, clear text channels.
A research paper from Rapid7, “National Exposure Index: Inferring Internet Security Posture by Country through Port Scanning,” examined the individual services that live on the public IP network and found that there are millions of them exposed on the internet that shouldn't be.
In fact, the seventh most common TCP/IP protocol is telnet, and there are 15 million “good old, reliable, usually unencrypted telnet nodes out there, offering shells to anyone who cares to peek in on the clear text password as it's being used,” according to Tod Beardsley, principal security research manager at Rapid7.
There are also 11.2 million nodes appearing to offer direct access to relational databases, and 4.5 million apparent printer services. Rapid7 also counted 7.8 million MySQL databases and 3.4 million Microsoft SQL Server systems. And 4.7 million systems expose one of the most commonly attacked ports used by Microsoft systems, 445/TCP.
Further, non-web-based access to email (via clear text POP or IMAP protocols) is still the norm rather than the exception in virtually every country.
“We found some weird things on the national level, too,” Beardsley said. “For instance, about 75% of the servers offering SMB/CIFS services—a (usually) Microsoft service for file sharing and remote administration for Windows machines—reside in just six countries: The United States, China, Hong Kong, Belgium, Australia and Poland.”
He added, “It's facts like these that made us realize that we have a fundamental gap in our awareness of the services deployed on the public side of firewalls the world over. This gap, in turn, makes it hard to truly understand what the internet is.”
Some of the most exposed countries on the internet today include Australia (ranked fourth), China (ranked fifth), France (13th), the US (14th), Russia (19th) and the UK (23rd).
There is a bright spot here, however. In certain functional areas of the internet, there are operational preferences for encrypted services over unencrypted counterparts. For example, the prevalence of SSH over telnet seems to indicate that SSH is winning out in production, as system administrators clearly prefer SSH over telnet. More than 50% of regions are offering more SSH servers than telnet servers.
“But, there is still ample attack surface for passive monitoring of remote administration tasks that continue to rely on telnet,” Beardsley said.