Security GuideOpen port security
An open port means a service accepted a network connection. That can be normal for websites, but risky for private admin tools and databases.
What an open port means
Ports are numbered communication endpoints. A website normally listens on 80 or 443. SSH commonly listens on 22. Mail, databases, remote desktop and control panels use other ports. When a port is open from the public internet, outside clients can try to connect to the service behind it.
Open does not automatically mean unsafe. A public website needs an open HTTPS port. The question is whether the service is intended to be public, patched, authenticated, monitored and protected by firewall rules or access controls.
Ports that deserve caution
22 SSHRemote server administration.Use keys, disable weak passwords and restrict access when possible.
3389 RDPWindows remote desktop.Avoid public exposure without VPN or strong controls.
3306 / 5432MySQL and PostgreSQL.Databases should usually not be public.
6379 / 9200Redis and Elasticsearch.Public exposure can be dangerous if not secured.
80 / 443Web traffic.Expected for websites, but still needs updates and HTTPS.
How to reduce risk
- Close services that do not need public access.
- Bind private services to localhost or private interfaces.
- Use firewall allowlists for admin ports.
- Prefer VPN or private network access for management tools.
- Keep server software updated.
- Use logs and rate limits to detect repeated attempts.
Use Port Check from outside your own network to verify what the public internet can reach. If you expected a port to be closed but it appears open, review router forwarding, cloud security groups, host firewall rules and service bind addresses.