TL;DR
Generally, keep only the ports you *need* open. More open ports mean more chances for attackers. This guide helps you check what’s open and understand if they’re a risk.
Checking Open Ports
- Use `netstat` (Windows) or `ss`/`nmap` (Linux/macOS): These tools show active network connections, including listening ports.
  - Windows: Open Command Prompt as Administrator and run `netstat -ano | findstr LISTENING`. This shows listening ports and the process ID (PID) using them.
  - Linux/macOS: Use `ss -tulnp` or `sudo nmap -p 1-65535 localhost`. `ss` is generally faster and more modern; `nmap` provides a detailed port scan.
- Understand the Output: Look for ports listening on `0.0.0.0` or specific IP addresses. Ports listening only on `127.0.0.1` (localhost) are usually safe as they’re only accessible from your machine.
Common Ports & Their Safety
Here’s a breakdown of common ports, ranked roughly by risk level. Remember that *any* open port is a potential target; minimising them is best.
Generally Safe (If Used as Expected)
- Port 21 (FTP): File Transfer Protocol – Older and insecure. Consider SFTP (port 22) instead. If you don’t use FTP, close it!
- Port 22 (SSH): Secure Shell – For remote access. Safe if properly configured with key-based authentication and strong passwords/passphrases.
- Port 80 (HTTP): Web traffic – Essential for websites. Usually safe, but ensure your web server software is up to date.
- Port 443 (HTTPS): Secure web traffic – Essential for secure websites. Same as HTTP – keep updated!
- Port 53 (DNS): Domain Name System – For resolving domain names. Usually safe if run by a trusted DNS server.
Potentially Risky
- Port 23 (Telnet): Very old and insecure remote access protocol. *Never* use Telnet; close it immediately!
- Port 25 (SMTP): Simple Mail Transfer Protocol – For sending email. Only open if you run your own mail server, otherwise close it.
- Port 137-139 & 445 (NetBIOS/SMB): Windows file and printer sharing. Can be vulnerable; restrict access or disable if not needed.
- Port 3389 (RDP): Remote Desktop Protocol – For remote access to Windows machines. High risk if exposed directly to the internet. Use a VPN instead!
High Risk – Close Immediately
- Ports below 1024: Traditionally used for well-known services, but often targeted by attackers. If you don’t know what they do, close them.
- Any port with an unknown service listening: Investigate immediately and close if unnecessary.
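
The two checks described above (bind address, then port number) can be combined into one pass over `ss -tulnp` output. This is an added example, not part of the original guide; the sample output is constructed, and the `RISKY` table and the function names are assumptions that mirror the "Potentially Risky" list.

```python
import ipaddress

# Ports the guide lists under "Potentially Risky" (table name is an assumption).
RISKY = {23: "Telnet", 25: "SMTP", 137: "NetBIOS", 138: "NetBIOS",
         139: "NetBIOS", 445: "SMB", 3389: "RDP"}

# Constructed sample of `ss -tulnp` output (not captured from a real host).
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*         users:(("systemd-resolve",pid=612,fd=13))
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=801,fd=3))
tcp   LISTEN 0      244    127.0.0.1:5432     0.0.0.0:*         users:(("postgres",pid=950,fd=5))
tcp   LISTEN 0      50     0.0.0.0:445        0.0.0.0:*         users:(("smbd",pid=1020,fd=30))
tcp   LISTEN 0      128    [::1]:631          [::]:*            users:(("cupsd",pid=700,fd=6))
tcp   LISTEN 0      5      *:3389             *:*               users:(("xrdp",pid=1100,fd=11))
"""

def is_loopback(addr):
    """True if the bind address is reachable only from this machine."""
    addr = addr.strip("[]").split("%")[0]   # drop IPv6 brackets and %iface scope
    if addr == "*":                          # ss prints * for "all addresses"
        return False
    return ipaddress.ip_address(addr).is_loopback

def classify(ss_output):
    """Return (proto, addr, port, verdict) for each listening socket."""
    rows = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue                         # header or unrelated line
        addr, _, port = fields[4].rpartition(":")
        port = int(port)
        if is_loopback(addr):
            verdict = "local-only"
        elif port in RISKY:
            verdict = "exposed, review: " + RISKY[port]
        else:
            verdict = "exposed"
        rows.append((fields[0], addr, port, verdict))
    return rows

if __name__ == "__main__":
    for proto, addr, port, verdict in classify(SAMPLE):
        print(f"{proto:4} {addr:>16}:{port:<6} {verdict}")
```

On a real host, pass the text of `ss -tulnp` to `classify()` in place of `SAMPLE`; the process column at the end of each line tells you which service to investigate.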
Steps to Secure Your Ports
- Firewall Configuration: Use your operating system’s firewall (Windows Firewall, `iptables` on Linux, macOS Firewall) to block unwanted incoming connections.
  - Windows: Search for ‘Windows Defender Firewall with Advanced Security’. Create inbound rules to allow only necessary ports.
  - Linux: Use `sudo ufw allow 22/tcp` (example allowing SSH) and `sudo ufw deny 139/tcp` (example denying NetBIOS). Remember to enable the firewall with `sudo ufw enable`.
- Keep Software Updated: Regularly update your operating system and all applications. Updates often include cyber security patches for vulnerabilities.
- Use Strong Passwords/Key-Based Authentication: For services like SSH, use strong passwords or, better yet, key-based authentication.
- Consider a VPN: Use a Virtual Private Network (VPN) to access remote resources instead of exposing ports directly to the internet.

