Hardening a Server: Secure Traffic and DNS Inquiries

Which Ports Should Be Open for a Secure Server?


Question

A server administrator needs to harden a server by only allowing secure traffic and DNS inquiries.

A port scan reports the following ports are open:

A. 21

B. 22

C. 23

D. 53

E. 443

F. 636

D.

Reference: https://tools.cisco.com/security/center/resources/dns_best_practices.

Explanations

To harden a server by only allowing secure traffic and DNS inquiries, the administrator needs to close all unnecessary ports that may pose a security risk.

A port scan reports that the following ports are open:

  • Port 21: This is used for FTP (File Transfer Protocol) data transfer. It should be closed if not required for any specific purpose.
  • Port 22: This is used for SSH (Secure Shell) and is required for secure remote access. It can be kept open if required for administrative access.
  • Port 23: This is used for Telnet, which is an unsecured protocol for remote access. It should be closed as it poses a security risk.
  • Port 53: This is used for DNS (Domain Name System) inquiries and is required for the server to function properly. It should be kept open.
  • Port 443: This is used for HTTPS (Hypertext Transfer Protocol Secure) and is required for secure web traffic. It should be kept open.
  • Port 636: This is used for LDAPS (Lightweight Directory Access Protocol Secure) and is required for secure directory access. It can be kept open if required for administrative access.

Based on this, the administrator should close ports 21 and 23 and keep the rest of the ports open. By doing so, the server will only allow secure traffic and DNS inquiries, reducing the potential attack surface and enhancing security.

Additionally, the administrator can implement firewall rules to restrict inbound and outbound traffic to only the necessary ports and protocols, further reducing the risk of unauthorized access and data breaches.
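One way to confirm the hardening took effect is to re-scan the server and compare the open ports against the allowlist the explanation arrives at. The script below is an added example, not part of the original question or answer. It assumes the scan was saved in nmap's grepable (`-oG`) format and that DNS is allowed on both TCP and UDP; the sample scan and the function names are constructed for illustration.

```python
import re

# Allowlist from the explanation above: SSH, DNS, HTTPS, LDAPS.
# Assumption: DNS is permitted on both TCP and UDP port 53.
ALLOWED = {(22, "tcp"), (53, "tcp"), (53, "udp"), (443, "tcp"), (636, "tcp")}

# Constructed sample in nmap grepable (-oG) format; 192.0.2.10 is a documentation address.
SAMPLE_SCAN = (
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 21/open/tcp//ftp///, 22/open/tcp//ssh///, "
    "23/open/tcp//telnet///, 53/open/tcp//domain///, 80/closed/tcp//http///, "
    "443/open/tcp//https///, 636/open/tcp//ldapssl///\n"
)

# Each entry is port/state/protocol/owner/service/...; only the first three fields matter here.
PORT_FIELD = re.compile(r"^(\d+)/([^/]*)/([^/]*)/")


def open_ports(grepable: str) -> dict[str, set[tuple[int, str]]]:
    """Return {host: {(port, proto), ...}} for ports whose state is exactly 'open'."""
    found: dict[str, set[tuple[int, str]]] = {}
    for line in grepable.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        # Drop trailing tab-separated fields such as "Ignored State: ...".
        ports_part = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for entry in ports_part.split(","):
            m = PORT_FIELD.match(entry.strip())
            # "closed", "filtered" and "open|filtered" are not counted as open.
            if m and m.group(2) == "open":
                found.setdefault(host, set()).add((int(m.group(1)), m.group(3)))
    return found


def audit(grepable: str, allowed=ALLOWED) -> dict[str, list[tuple[int, str]]]:
    """Return, per host, the sorted open ports that are not on the allowlist."""
    return {
        host: sorted(ports - allowed)
        for host, ports in open_ports(grepable).items()
    }


if __name__ == "__main__":
    for host, extra in audit(SAMPLE_SCAN).items():
        for port, proto in extra:
            print(f"{host}: close {port}/{proto}")
```

An empty list for a host means every open port found is on the allowlist; any remaining entry is a port the firewall rules or service configuration still need to close.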