Common Network Port Vulnerabilities and Risk Mitigation
An auditing reference matrix for service ports frequently targeted by malicious network traffic.
High-Risk Ports Reference
When validating firewall rules, ensure that the following ports are tightly restricted and never exposed to the public internet without explicit security layers (VPNs, MFA, IP white-lists):
| Port | Protocol | Common Service | Primary Risk / Attack Vector |
|---|---|---|---|
| `21` | TCP | FTP | Cleartext credentials transmission, directory traversal. |
| `22` | TCP | SSH | Brute-force credentials guessing, host compromise. |
| `23` | TCP | Telnet | Unencrypted traffic, eavesdropping. |
| `3389` | TCP | RDP | Remote Desktop exploits, brute-force entry. |
| `445` | TCP | SMB | Ransomware spread (e.g., WannaCry), file share exposure. |
| `1433` | TCP | MSSQL | Database injection, unauthorized access. |
Hardening Recommendations
Implement a default-deny inbound posture. Permit only explicitly defined source IPs to reach administrative ports (22, 3389), or route administrative traffic through an encrypted WireGuard or IPsec VPN tunnel.
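
One way to check a Linux host against the table and the default-deny recommendation, as an added example that is not part of the original reference. It assumes IPv4 rules in the text format printed by `iptables -S INPUT`; the function names and the sample ruleset are constructed for illustration. It inspects only ACCEPT rules that name a destination port and does not model rule ordering.

```python
import ipaddress
import shlex

# Ports and services from the reference table above.
HIGH_RISK = {21: "FTP", 22: "SSH", 23: "Telnet", 445: "SMB", 1433: "MSSQL", 3389: "RDP"}

# Constructed sample in `iptables -S INPUT` format (documentation addresses).
SAMPLE = """\
-P INPUT DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 203.0.113.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3389 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 443,445,1433 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20:21 -j ACCEPT
"""

def expand_ports(spec):
    """Expand an iptables port spec such as '22', '20:25' or '445,1433'."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def option(tokens, *names, default=None):
    """Return the value that follows the first of `names` present in a rule."""
    for name in names:
        if name in tokens:
            return tokens[tokens.index(name) + 1]
    return default

def audit(rules):
    """Return (default_deny, exposed) where exposed lists (port, service)
    pairs from HIGH_RISK accepted from any source address."""
    default_deny, exposed = False, set()
    for line in rules.splitlines():
        tok = shlex.split(line, comments=True)
        if tok[:2] == ["-P", "INPUT"]:
            default_deny = tok[2] == "DROP"
        elif tok[:2] == ["-A", "INPUT"] and option(tok, "-j") == "ACCEPT":
            spec = option(tok, "--dport", "--dports")
            if option(tok, "-p") != "tcp" or spec is None:
                continue
            # A rule with no -s matches every source, i.e. 0.0.0.0/0.
            src = ipaddress.ip_network(option(tok, "-s", default="0.0.0.0/0"), strict=False)
            if src.prefixlen == 0:
                exposed |= expand_ports(spec) & set(HIGH_RISK)
    return default_deny, sorted((p, HIGH_RISK[p]) for p in exposed)

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Port ranges and multiport lists are expanded before comparison because a rule such as `--dport 20:21` exposes FTP without ever naming port 21 on its own.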