Open Ports - High Risk Ports

The guide below details which ports should be considered high risk and should only be open if you understand the risk.

We recommend, where possible, that you restrict the inbound NAT.

High Risk Ports: 

Inbound NAT ports become high-risk when they expose sensitive or vulnerable services to the internet, potentially allowing attackers to exploit them. Here are some commonly exposed high-risk ports:

1. Port 21 (FTP) - Used for File Transfer Protocol, which lacks encryption in its standard form, making transferred data, including credentials, susceptible to interception.

2. Port 22 (SSH) - Used for Secure Shell access, which is secure if properly configured, but can be a major risk if weak credentials or outdated versions are used.

3. Port 23 (Telnet) - Used for unencrypted network communication, which exposes credentials and data to anyone who can eavesdrop on the connection.

4. Port 80 (HTTP) - Used for Hypertext Transfer Protocol, which is unencrypted and can be intercepted by third parties.

5. Port 139 and 445 (SMB) - Used for Windows file sharing and various Windows services, often targeted in ransomware attacks and other exploits.

6. Port 3389 (RDP) - Used for Remote Desktop Protocol, highly targeted by attackers for gaining direct access to your network resources.

7. Port 3306 (MySQL) - Used for MySQL databases; if exposed, it can allow attackers to access or corrupt your databases.

8. Port 1433 and 1434 (MS SQL Server) - Used for Microsoft SQL Server, these ports can be exploited to execute remote commands if improperly secured.