Part of our process involves detecting client servers with open network ports that should not be. In this case, the ports (445 and 135) are used for internal Windows File Sharing purposes. When left open, these ports are susceptible to a variety of traditional attacks – like brute-force password guessing – but also to more modern ransomware attacks (such as WannaCry).

In these cases, we recommend that the client either (1) disable Windows File Sharing on this server or (2) set up firewall rules to make the ports inaccessible from the general internet. We view these specific ports as high-risk indicators that should be addressed immediately by all insureds.

Did this answer your question?