When people think about "the internet," they tend to think of the web, which runs on HTTP and HTTPS. But there’s also telnet, SSH, FTP, SMTP, and all the other protocols that run on TCP/IP out there, and they represent an inherent insecurity because they tend to run over unencrypted, clear text channels.
A research paper from Rapid7, National Exposure Index: Inferring Internet Security Posture by Country through Port Scanning, examined the individual services that live on the public IP network and found that there are millions of them exposed on the internet that shouldn't be.
In fact, the seventh most common TCP/IP protocol is telnet, and there are 15 million “good old, reliable, usually unencrypted telnet nodes out there, offering shells to anyone who cares to peek in on the clear text password as it's being used,” according to Tod Beardsley, principal security research manager at Rapid7.
There are also 11.2 million nodes appearing to offer direct access to relational databases, and 4.5 million apparent printer services. Rapid7 also counted 7.8 million MySQL databases and 3.4 million Microsoft SQL Server systems. And 4.7 million systems expose one of the most commonly attacked ports used by Microsoft systems, 445/TCP.
Further, non-web-based access to email (via clear text POP or IMAP protocols) is still the norm rather than the exception in virtually every country.
“We found some weird things on the national level, too,” Beardsley said. “For instance, about 75% of the servers offering SMB/CIFS services—a (usually) Microsoft service for file sharing and remote administration for Windows machines—reside in just six countries: The United States, China, Hong Kong, Belgium, Australia and Poland.”