Events , Governance & Risk Management , Infosecurity Europe Conference

Scans Confirm: The Internet is a Dump

Rapid7's Tod Beardsley Warns of Millions of Unsecured Ports

The internet is a dump. That's the takeaway from a massive scan of open internet ports, which confirms long-held assumptions that old, insecure Internet protocols not only never die, but may still thrive, says security researcher Tod Beardsley.

The findings come after Beardsley and his team at security firm Rapid7 scanned the internet in April and May, cataloging the prevalence of 30 top protocols.

See Also: NHS Ransomware Attack: Healthcare Industry Infrastructures Are Critical

"We, through port scanning, take a look at ... what's actually out on the internet," says Beardsley, who heads Rapid7's research team. "The reason why we're doing it is because basically no one else seems to be."

Some of the results aren't pretty. Notably, many old Internet protocols - including telnet and FTP - continue to be in widespread use, and used insecurely. As revealed in Rapid7's resulting "National Exposure Index," some countries are better than others, with Belgium taking first place for worst offender.

In this video interview with Information Security Media Group at the Infosec Europe conference in London, Beardsley details:

  • The top 10 protocols used on the internet, and the security implications.
  • Which countries are "most exposed" by the use of insecure protocols.
  • Why using encrypted Internet protocols remains so important.
  • The need for better education around how services can - and must - be deployed and maintained in a secure manner.

Beardsley says his team plans to regularly scan the internet anew, and hopes - especially as the Internet of Things continues to take off - people will learn from the results. "We can make sure we're engineering the internet that we want to have, rather than the one that we just grew over time," he says.

Beardsley is the senior security research manager at Rapid7, and has more than 20 years of hands-on security knowledge and experience. He's held IT operations and information security positions in such organizations as 3Com, Dell and Westinghouse, and is a regular speaker at developer and security conferences. He's also a contributor to the open source vulnerability testing framework project Metasploit.

Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.