Configuration Management / HTTP traffic
An open HTTP port represents a vulnerability when not properly secured. Port 80 is commonly associated with HTTP traffic, and leaving it open without adequate protection can expose a system to various security risks.
Open HTTP traffic allows data to be transmitted without encryption, exposing sensitive information to potential eavesdropping and interception by malicious actors. Attackers can intercept and manipulate communication between the client and server, leading to unauthorized access, data tampering, or the injection of malicious content.
In addition, insecure HTTP sessions are susceptible to session hijacking, allowing attackers to steal user authentication tokens and impersonate legitimate users.
Use HTTPS (port 443) to encrypt data in transit, protecting it from eavesdropping. Ensure the proper configuration of SSL/TLS certificates for secure communication.
Furthermore, implement HSTS to enforce the use of secure connections (HTTPS) and mitigate the risk of man-in-the-middle attacks by ensuring secure communication between the client and server.