Port and Protocol Lookup
>
ALL PORTS
NEVER EXPOSE THESE
Ransomware and remote access
RDP 3389 and SMB 445 are the two services ransomware most often rides in on, one through brute forced logins, the other through lateral movement across a network. WannaCry and NotPetya both spread through SMB. Both belong behind a VPN or blocked at the firewall, never open to the internet.
Cleartext credentials
Telnet 23 and FTP 21 send passwords in the clear, so anyone on the network path can read them. Replace them with SSH and SFTP, which carry the same traffic encrypted. The same logic applies to plain HTTP, POP3, IMAP, and SMTP, prefer the TLS versions.
UDP amplifiers
DNS 53, NTP 123, SSDP 1900, and memcached 11211 can be abused to reflect and amplify traffic into large denial of service floods, since a small query provokes a large answer sent to a spoofed victim. If you must run them, restrict who can query them and never leave them open to the internet.