Understanding Different Ports
Using different ports is integral to the secure and efficient transfer of information in networking and data communication. Each port serves a specific purpose, allowing different connections and data transfers.
SSH (Secure Shell Protocol)
SSH operates on port 22 and is commonly used for secure remote access and control of a device over a network. It provides encrypted communication for secure file transfers and terminal access.
RDP (Remote Desktop Protocol)
RDP operates on port 3389 and is primarily used to access Windows-based systems remotely. It enables users to connect to a remote computer and interact with its desktop as if using the machine locally.
HTTP (Hypertext Transfer Protocol)
HTTP operates on port 80 and is the foundation of data communication on the World Wide Web. It facilitates the transfer of web pages, images, videos, and other content between a web server and a client's browser.
HTTPS (Hypertext Transfer Protocol Secure)
HTTPS operates on port 443 and is an extension of HTTP with added security. It encrypts the data exchanged between the web server and the client's browser, ensuring a secure and private connection for sensitive information.
FTP (File Transfer Protocol)
FTP operates on port 21 and transfers files between a client and a server on a computer network. It allows uploading, downloading, and managing files on a remote server.
SMTP (Simple Mail Transfer Protocol)
SMTP operates on port 25 and is crucial for sending emails. It is responsible for transmitting outgoing mail from an email client to a mail server and between mail servers.
DHCP (Dynamic Host Configuration Protocol)
DHCP issues IP addresses and operates over UDP (port 67 for the server, port 68 for the client). Computers cannot map an IP address to a MAC address if they don't know what IP address to use, so dynamic address allocation is used, with addresses allocated by the router. The exchange is DHCPDISCOVER -> DHCPOFFER -> DHCPREQUEST -> DHCPACK. The first node to respond will win the race.
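The race described above can be checked for in captured traffic. The following is an added example, not part of the original page: it groups DHCP messages by transaction, reports which server answered first, and lists any responder outside an allowlist. The event tuples, addresses, transaction ids and the `AUTHORIZED` set are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (seconds, message type, transaction id, sender IP).
# Addresses and transaction ids are made up for this example.
EVENTS = [
    (0.000, "DHCPDISCOVER", 0x1A2B, "0.0.0.0"),
    (0.004, "DHCPOFFER",    0x1A2B, "192.0.2.66"),  # answers first
    (0.019, "DHCPOFFER",    0x1A2B, "192.0.2.1"),   # the intended server
    (0.021, "DHCPREQUEST",  0x1A2B, "0.0.0.0"),
    (0.025, "DHCPACK",      0x1A2B, "192.0.2.66"),
    (5.000, "DHCPDISCOVER", 0x3C4D, "0.0.0.0"),
    (5.012, "DHCPOFFER",    0x3C4D, "192.0.2.1"),
    (5.014, "DHCPREQUEST",  0x3C4D, "0.0.0.0"),
    (5.020, "DHCPACK",      0x3C4D, "192.0.2.1"),
]
AUTHORIZED = {"192.0.2.1"}  # assumed allowlist of legitimate DHCP servers
ORDER = ["DHCPDISCOVER", "DHCPOFFER", "DHCPREQUEST", "DHCPACK"]

def audit_dhcp(events, authorized):
    """Per transaction: first responder, step order, unauthorized servers."""
    by_xid = defaultdict(list)
    for _ts, kind, xid, sender in sorted(events):
        by_xid[xid].append((kind, sender))
    report = {}
    for xid, msgs in by_xid.items():
        offers = [s for k, s in msgs if k == "DHCPOFFER"]
        acks = [s for k, s in msgs if k == "DHCPACK"]
        # Collapse repeated message types so competing OFFERs count as one step.
        steps = [k for i, (k, _) in enumerate(msgs) if i == 0 or msgs[i - 1][0] != k]
        report[xid] = {
            "winner": offers[0] if offers else None,  # first OFFER seen
            "in_order": steps == ORDER,
            "unauthorized": sorted(set(offers + acks) - set(authorized)),
        }
    return report

if __name__ == "__main__":
    for xid, result in audit_dhcp(EVENTS, AUTHORIZED).items():
        print(hex(xid), result)
```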
POP3 (Post Office Protocol version 3)
POP3 operates on port 110 and retrieves emails from a remote mail server. It enables users to access their mailbox, download incoming messages, and manage them locally.
IMAP (Internet Message Access Protocol)
IMAP operates on port 143 and is an alternative to POP3 for retrieving emails. It allows users to access and manage their email messages on a remote mail server while synchronizing them across multiple devices.
Understanding the diverse functions of these ports is essential for network administrators, IT professionals, and individuals seeking to ensure secure and stable connections across various platforms and services.
Ports to Avoid for Security Reasons
When securing a network, it's essential to be mindful of the ports being used. Certain ports are notorious for their security vulnerabilities and should be avoided to minimize the risk of unauthorized access and malicious attacks. Here are some of the ports that should be avoided from a security perspective:
1. Telnet (Port 23): Telnet is an unencrypted protocol, meaning that any data, including passwords, is transmitted in clear text. This poses a significant security risk, allowing attackers to intercept sensitive information easily. It's recommended to use SSH (Secure Shell) instead, as it provides a secure, encrypted alternative to Telnet.
2. FTP (Port 21): File Transfer Protocol (FTP) is another protocol that transmits data in clear text, making it susceptible to eavesdropping and unauthorized access. Due to its lack of security features, FTP should be replaced with more secure alternatives such as SFTP (Secure FTP) or FTPS (FTP over SSL/TLS).
3. SNMP (Port 161): Simple Network Management Protocol (SNMP) is commonly used for monitoring and managing network devices. However, SNMPv1 and SNMPv2 are inherently insecure and lack strong authentication and encryption mechanisms. It's advisable to utilize SNMPv3, which offers encryption and secure authentication options.
4. TFTP (Port 69): Trivial File Transfer Protocol (TFTP) is similar to FTP but lacks authentication and security features. As a result, attackers can abuse TFTP to transfer malicious files or steal sensitive data. A more secure alternative is using secure file transfer methods such as SCP (Secure Copy Protocol) or SFTP.
5. NetBIOS (Ports 137-139): NetBIOS provides services for sharing resources such as files and printers over a local area network. However, it has well-documented security weaknesses, including susceptibility to brute force and man-in-the-middle attacks. Due to security risks, NetBIOS should be disabled or used with strong security measures such as IPsec.
By avoiding these insecure ports and transitioning to more secure alternatives, organizations can significantly enhance the security posture of their networks and mitigate the potential risks associated with these vulnerable protocols.
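One way to check a host against the list above, as an added example that is not part of the original page: the script parses `ss -tuln`-style output (a constructed sample is embedded) and flags listeners on the ports named above, together with the suggested replacement. The tcp/udp pairing for each port and all function names are assumptions of this example.

```python
# Ports and replacements from the list above. The tcp/udp pairing is each
# protocol's usual transport and is an assumption added by this example.
NETBIOS = ("NetBIOS", "disable or protect with IPsec")
RISKY = {
    ("tcp", 23): ("Telnet", "use SSH"),
    ("tcp", 21): ("FTP", "use SFTP or FTPS"),
    ("udp", 161): ("SNMP", "permit only SNMPv3"),
    ("udp", 69): ("TFTP", "use SCP or SFTP"),
    ("udp", 137): NETBIOS, ("udp", 138): NETBIOS, ("tcp", 139): NETBIOS,
}

# Constructed sample in the column layout of `ss -tuln`.
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      32              [::]:23           [::]:*
udp   UNCONN 0      0            0.0.0.0:69        0.0.0.0:*
tcp   LISTEN 0      511        127.0.0.1:8080      0.0.0.0:*
udp   UNCONN 0      0         192.0.2.10:137       0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:50222     0.0.0.0:*
"""

def parse_listeners(text):
    """Return (proto, address, port) for each tcp/udp row."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or f[0] not in ("tcp", "udp"):
            continue  # header line or another socket family
        addr, _, port = f[4].rpartition(":")  # rpartition keeps "[::]" whole
        if port.isdigit():
            rows.append((f[0], addr, int(port)))
    return rows

def audit_listeners(text):
    """Flag listeners on the ports the page says to avoid."""
    findings = []
    for proto, addr, port in parse_listeners(text):
        if (proto, port) in RISKY:
            name, fix = RISKY[(proto, port)]
            loopback_only = addr in ("127.0.0.1", "[::1]")
            findings.append((proto, port, name, fix, loopback_only))
    return findings

if __name__ == "__main__":
    for finding in audit_listeners(SAMPLE_SS):
        print(finding)
```

A port number alone does not reveal the SNMP version in use, so a hit on UDP 161 means the agent's configuration still has to be checked for SNMPv3.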
Service Ports:
0 - 1023: Reserved for common services; binding to these ports requires root privileges (sudo).
1024 - 49151: Registered ports used for IANA-registered services.
49152 - 65535: Dynamic ports that can be used for anything.