50 Critical Linux Ports You Must Close to Secure Your System
This guide lists the most dangerous Linux ports, explains their typical uses, the security risks they pose, and provides concrete recommendations—such as changing default ports, disabling services, and applying firewall rules—to harden your system against attacks.
Linux is often praised for its security, but many default services expose high‑risk ports that attackers can exploit. Closing or securing these ports is essential for a robust defense.
SSH (Port 22)
Purpose: Secure remote login via the SSH protocol.
Risk: Widely used, making the default port a frequent target for brute‑force attacks.
Recommendation: Change the SSH port to a non‑standard number or restrict access to trusted IP addresses.
Telnet (Port 23)
Purpose: Legacy remote login protocol, largely replaced by SSH.
Risk: Unencrypted traffic allows attackers to intercept credentials.
Recommendation: Disable Telnet and use SSH instead.
FTP (Ports 20, 21)
Purpose: File Transfer Protocol for transferring files between client and server.
Risk: Transmits data in clear text and is vulnerable to various attacks.
Recommendation: Disable FTP or replace it with SFTP/FTPS; if FTP is required, enforce strong passwords and restrict access.
SMTP (Port 25)
Purpose: Sending email.
Risk: Open relays can be abused for spam.
Recommendation: Restrict SMTP to authenticated clients only.
POP3 (Port 110)
Purpose: Receiving email.
Risk: Plain‑text transmission exposes credentials.
Recommendation: Use POP3S (SSL/TLS) or IMAPS.
SMB (Ports 139, 445)
Purpose: Network file and printer sharing.
Risk: Known vulnerabilities (e.g., EternalBlue) can lead to remote code execution.
Recommendation: Disable unnecessary SMB services, apply patches, and enforce strong passwords.
LDAP (Port 389)
Purpose: Directory services.
Risk: LDAP injection, anonymous binds, and credential leakage.
Recommendation: Use LDAPS (LDAP over SSL/TLS) and tighten access controls.
RDP (Port 3389)
Purpose: Remote Desktop Protocol for Windows desktops.
Risk: If exposed on Linux VMs, it becomes an attack surface.
Recommendation: Disable unnecessary RDP services, enforce strong passwords, and limit access via firewall rules.
MySQL (Port 3306)
Purpose: Relational database service.
Risk: Misconfiguration can allow unauthorized database access.
Recommendation: Use strong passwords, restrict network access, and keep patches up to date.
Microsoft SQL Server (Port 1433)
Purpose: Default TCP/IP port for SQL Server.
Risk: Susceptible to SQL injection, DoS, and other attacks.
Recommendation: Change the default port, enforce complex access policies, use SSL encryption, and apply patches regularly.
Various Application Ports (5000‑5002, 7000‑7003, 8080‑8083, 9090, 80, 443, etc.)
Purpose: Used by web servers, proxies, custom applications, and other services.
Risk: Vulnerable services can be exploited if left exposed.
Recommendation: Close unused ports, secure required services with strong authentication, keep software patched, and restrict access via firewall rules.
MongoDB (Ports 27017, 27018)
Purpose: Database service for MongoDB.
Risk: Default configuration often lacks authentication, exposing data.
Recommendation: Change default ports, enable authentication, bind to trusted interfaces, and apply updates.
CUPS (Port 631)
Purpose: Printing service.
Risk: Misconfiguration can allow remote control of printers and data leakage.
Recommendation: Use strong passwords, apply patches, limit network exposure, or disable the service if not needed.
VNC (Ports 5900‑5910)
Purpose: Remote desktop access.
Risk: Default settings are often insecure.
Recommendation: Change default ports, enforce strong passwords, and restrict access.
General hardening steps for all high‑risk ports:
Disable services that are not required.
Modify configuration files (e.g., /etc/ssh/sshd_config) to change default ports or disable the service.
Restrict access with firewall rules (e.g., sudo iptables -A INPUT -p tcp --dport <port_number> -j DROP).
Use strong, regularly rotated passwords.
Apply security patches promptly.
Enable monitoring and logging to detect suspicious activity.
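Before disabling services or writing firewall rules, it helps to see which of the ports above are actually listening on a reachable address. The script below is an added example, not part of the original article; the names audit_listeners, sample_ss_output and RISKY_PORTS are hypothetical, and it assumes the iproute2 `ss -Htln` column layout.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): list TCP listeners on the
# guide's high-risk ports that are bound to a non-loopback address.

# Ports named in the sections above. The generic application-port entry
# (80, 443, 8080, ...) is left out here as an assumption: those are often
# meant to be public. VNC's 5900-5910 range is handled inside awk.
RISKY_PORTS="20 21 22 23 25 110 139 389 445 631 1433 3306 3389 27017 27018"

# Reads `ss -Htln` output on stdin; prints "port address" per exposed listener.
# Assumes the iproute2 layout where field 4 is Local Address:Port.
audit_listeners() {
  awk -v ports="$RISKY_PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) risky[p[i]] = 1 }
    {
      port = $4; sub(/.*:/, "", port)            # text after the last colon
      addr = substr($4, 1, length($4) - length(port) - 1)
      num = port + 0                             # force numeric comparison
      if (!(port in risky) && !(num >= 5900 && num <= 5910)) next
      if (addr ~ /^127\./ || addr == "[::1]") next   # loopback-only is fine
      print port, addr
    }' | LC_ALL=C sort -k1,1n -k2,2
}

# Constructed sample of `ss -Htln` output, so the example runs offline.
sample_ss_output() {
  cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 50 0.0.0.0:445 0.0.0.0:*
LISTEN 0 5 0.0.0.0:5901 0.0.0.0:*
LISTEN 0 128 [::1]:631 [::]:*
LISTEN 0 511 *:8443 *:*
EOF
}

# On a live host, replace the sample with:  ss -Htln | audit_listeners
sample_ss_output | audit_listeners
```

Each line of output is a service to disable, rebind to loopback, or restrict by firewall; MySQL on 127.0.0.1 and CUPS on [::1] in the sample are not reported because they are not reachable from the network.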
Liangxu Linux
Liangxu, a self‑taught IT professional now working as a Linux development engineer at a Fortune 500 multinational, shares extensive Linux knowledge—fundamentals, applications, tools, plus Git, databases, Raspberry Pi, etc. (Reply “Linux” to receive essential resources.)
