Common Ports & Services Reference
Educational guide for network ports, vulnerability risks, and firewall advice.
Common Ports & Services Reference
A quick security reference guide listing standard network ports, active service protocols, vulnerability risk levels, and defensive firewall configurations.
Never expose management panels (RDP, SSH, Telnet) or databases (MySQL, Redis, MongoDB) to the public interface. Implement firewalls (iptables/UFW), secure ports with VPNs, and close unused listening ports.
File Transfer Protocol. Used for transferring files between a client and a server.
Insecure by default (plain-text credentials). Replace with SFTP (Port 22) or FTPS.
Secure Shell. Used for secure command line access and file transfers (SFTP).
Secure, but target for brute force. Disable password logins; use key-based auth and fail2ban.
Terminal Emulation. Unencrypted text communications for command line control.
Extremely insecure. Disable immediately and use SSH (Port 22) instead.
Simple Mail Transfer Protocol. Used for email transmission between mail servers.
Vulnerable to spam injection. Enforce TLS; use port 587/465 with auth for client submissions.
Domain Name System. Translates domain names to IP addresses.
Target for DNS spoofing/amplification DDoS attacks. Keep server patched; restrict recursive queries.
Hypertext Transfer Protocol. Standard protocol for transferring unencrypted web pages.
Unencrypted traffic. Configure permanent redirect (301) to HTTPS (Port 443).
Post Office Protocol v3. Used by email clients to retrieve messages from a mail server.
Plaintext credentials. Use POP3S (Port 995) with SSL/TLS encryption instead.
Network Time Protocol. Synchronizes system clocks across network devices.
Often target for NTP reflection DDoS attacks. Disable monlist feature; restrict access lists.
Internet Message Access Protocol. Allows email client tools to synchronize mail folders.
Unencrypted transmission. Replace with IMAPS (Port 993) for encrypted connections.
Simple Network Management Protocol. Monitors and configures network hardware elements.
Default community strings (e.g. 'public') leak hardware setups. Use SNMPv3 with auth & privacy.
Hypertext Transfer Protocol Secure. Web communication encrypted via TLS.
Secure. Ensure weak ciphers are disabled (e.g. SSLv3, TLS 1.0, 1.1). Implement HSTS headers.
Server Message Block. Shared file access, printers, and system controller operations.
Vulnerable to high-impact exploits (WannaCry, EternalBlue). BLOCK port 445 at firewall WAN.
Microsoft SQL Server Database. Storage engine and listener query entry point.
Never expose to public internet. Restrict connections to specific client IP addresses or VPN.
Oracle Database Default Listener port.
High-risk target. Keep firewalled; use secure transport network configurations.
MySQL Database query port.
Do not expose publicly. Bind MySQL to local loopback (127.0.0.1) and route remote sessions via SSH tunnels.
Remote Desktop Protocol. Remote control client for Windows operating systems.
Extremely targeted by ransomware. Place behind VPN/Gateway; enforce multi-factor authentication.
PostgreSQL Database listener port.
Restrict access lists in pg_hba.conf; require client SSL certificates for client connections.
Redis In-Memory Key-Value database query port.
Highly vulnerable. By default has no auth. Never expose to public interface. Enforce strong password.
Alternative HTTP. Commonly used for local dev environments, proxies, and application dashboards.
Check application admin pages. Often lacks HTTPS configuration. Secure panels with proper auth/TLS.
MongoDB NoSQL Database portal.
Easy ransomware target if exposed without credentials. Bind listener strictly to localhost / private VPC.