Internet Security, January 2023

Common Ports and the Risks They Carry

Ports are not vulnerabilities in themselves, they are endpoints, and the risk attached to any of them is a function of three things, what service is listening behind it, whether that service should be reachable from the network the request originates on, and whether the protocol was designed in an era that assumed a trusted network. Many of the protocols still in daily use predate any expectation of hostile traffic, and they carry credentials or data in the clear because confidentiality was never a design goal. The table below pairs the ports an operator meets most often with the practical risk of exposing them, as a reference for deciding what belongs on a public interface and what does not.

PORTSERVICERISK
21FTPCredentials and data in the clear, prefer SFTP or FTPS.
22SSHStrong when key based, a magnet for brute force when exposed with passwords.
23TelnetEverything in plaintext, there is no safe reason to run it today.
25SMTPOpen relays and spoofing, lock down authentication and relaying.
53DNSAmplification and tunneling, restrict recursion and watch for exfiltration.
80HTTPUnencrypted, redirect to HTTPS and never carry secrets over it.
110POP3Plaintext mail retrieval, move to the TLS port or to IMAP over TLS.
143IMAPSame story, insist on the TLS variant.
443HTTPSThe safe default, the risk moves up into the application itself.
445SMBA repeated ransomware entry point, never expose it to the internet.
3389RDPA constant target for brute force and exploits, keep it behind a VPN.
3306MySQLDatabases belong on private networks, not on a public interface.
5432PostgreSQLSame rule, bind to localhost or an internal segment.

The specific entries matter less than the pattern behind them. A port scan gives an attacker two pieces of intelligence immediately, which services you are running and, from banners and version strings, how current they are, and that is frequently enough to select an exploit before any genuine interaction takes place. The defensive posture that follows is not to memorize a list of dangerous ports but to apply a consistent principle, expose the minimum necessary, place management and database services on internal segments or behind a VPN rather than on public interfaces, and require encryption for anything carrying credentials or sensitive data, which for most of the plaintext protocols above means moving to their TLS protected equivalents. Every open port should correspond to an answer you can give without hesitation, who needs this service, from which networks, and for what purpose, and any port that cannot be justified in those terms is not a convenience, it is an unreviewed entry point that an attacker will assess long before you do. Reducing the count of open ports to the set you can defend in those words is one of the simplest and most durable improvements available to the security of a network.