Port Filtering With BrowseControl

BrowseControl is a host-based web filtering and port blocking software for filtering TCP/UDP network ports on endpoint devices.

Effortlessly block unused and exploitable ports to reduce the attack surface of your network.

Screenshot of BrowseControl's Port Filter for blocking TCP/UDP ports
Block Network Ports
Endpoint Filtering
Granular Policies
Block FTP, Telnet, & More

Trusted by 

Pepsi-Cola Logo
AXA Logo
Panasonic logo
San Diego Padres logo

Port Filtering Overview & Best Practices

What is Port Filtering?

The internet and applications use predetermined TCP/UDP ports to transmit network protocol packets (data).

Port filtering is the practice of allowing or blocking (opening/closing) network packets into or out of a device or the network based on their port number.

Blocking network ports allows administrators to restrict specific operations such as file transfers through ports used for FTP and torrents.

Starting at $2.99 USD per license/month

cybersecurity expert on a laptop ion front of servers
Man rests his chin on his hand, thinking pose

Why Block Network Ports?

Malicious hackers can use port scanning tools to discover open ports in your network.

Once they find open ports they can use it to search for potential vulnerabilities that they can use to gain unauthorized access into your network.

By proactively blocking unused ports with port blocking software you can reduce the attack surface available to threat actors and improve the security of your network.

    Starting at $2.99 USD per license/month

    Block Unused Network Ports


    • Deny by Default: All ports should be closed by default unless there is a documented, reviewed, and approved business case.
    • Defense in Depth: Combine BrowseControl’s host-based port filtering with a perimeter-based firewall for a defense-in-depth approach.
    • Risk Assessment: Any port can be exploited by an attacker. Blocking unused ports reduces the attack surface of your network.

    Starting at $2.99 USD per license/month

    Screenshot of BrowseControl's Port Filter for blocking TCP/UDP ports

    Recommended Ports to Block

    While any port can be potentially exploited, there are some ports that are known security risks. If a Deny-by-Default approach isn’t feasible for your organization, try these recommended ports to block.

    • Internet Relay Chat (IRC): Botnets can use IRC to communicate with infected machines. Close the port range 6660 – 6669 to block IRC.
    • Telnet: Telnet is not a secure protocol and is unencrypted. Block port 23 to restrict access to it
    • Memorable Numbers: Some malware authors use easy-to-remember numbers such as 234, 6789, 1111, 666, and 8888
    • File Transfer Protocol (FTP): FTP is used to transfer computer files from a server to a client on a computer network. Block port 21 to restrict this data egress point on client computers.

    Starting at $2.99 USD per license/month

    What Ports Need to Be Left Open?

    Port requirements are unique to each organization and its networks. The ports required by business applications will evolve over time as well. Here are some ways to determine what ports you need to keep open.

    • Product Documentation: Consult the manuals of any software and hardware used in your organization and see if they require specific ports to be left open.
    • Netstat & Resource Monitor: Use a netstat command and Windows resource monitor to identify ports that are currently in use by a specific computer.
    • Trial & Error: If you only use internet-connected computers and have no other special needs, try blocking all ports except for port 80 (HTTP internet) and port 443 (HTTPS internet). Test all services and applications in your organization to see if there are any connection issues and monitor IT support tickets for any unforeseen issues.
    • Research Ports: If you need to perform special actions such as file transfers over FTP or hosting your own email servers you’ll need to consult this list to see the ports that are required by each of them.

    Starting at $2.99 USD per license/month

    Computer monitor with "Come in we're open" sign

    Try BrowseControl for Free

    Fully Functional. Easy to use. Install in minutes

    Case Study

    TCAT Ensures Student Success
    With the Best Internet Filtering Software

    Tennessee College Of Applied Technology
    Tennessee Colleges of Applied Technology Crump

    The Tennessee College of Applied Technology (TCAT) is one of the best technological educational institutions in the Tennessee area. To keep delivering a cutting-edge learning experience, TCAT Crump knew that they needed to integrate online resources into their curriculums and teaching methods. 

    But allowing internet access into a network is not without its risks. As an information technology instructor, Gabriel Alvarado is adamant that educational institutions need to defend against unauthorized access to personal information belonging to pupils, parents, or staff.

    Gabriel knew that restricting internet access with internet blocking software was essential for protecting their students and network against web-based threats. In addition to improving internet security, BrowseControl provided TCAT students with an optimal educational experience by blocking distracting websites during class hours and preventing bandwidth hogs from impacting the performance of the network.

    BrowseControl’s convenient remote installation options and central management console made it the best internet filtering software for TCAT as they could deploy the software during the school term rather than having to wait until the holidays. Staff and user accounts could be readily distinguished, allowing web filtering policies to be customized to the needs of each group.

    Exposing students to the digital world comes with a responsibility to protect them. And as well as keeping our students safe, we also need to keep our system safe! Students aren’t always aware of the dangerous consequences of their online actions, so there is always a risk of harmful behavior.”

    Gabriel Alvarado

    CIS/CIT Instructor, Tennessee College of Applied Technology at Crump

    Check out our great reviews on Capterra!

    "As a "novice" I was able to set up with help from support in about an hour. Previous software took forever and didn't work as advertised. This software worked right out of the box."

    - Dr. Gerard B, Owner
    Medical Office

    "This software was easy to install and customize to our needs. Category Filtering is such a time saver and of course saving time is saving money!"

    - Scott S. Senior Systems Engineer

    Try BrowseControl for Free

    Fully Functional. Easy to use. Install in minutes

    Manage Web Filtering Policies From a Convenient Central Console

    CurrentWare web console with the BrowseControl web filter page shown

    Test drive the live demo

    Flexible Deployment Options

    Icon of a hard drive

    On Premises

    Easy to install. Everything stored on your own network.

    Icon of globe with meridians. Four nodes extending from it

    Remote Workers

    Connect remote users with minimal configuration.

    Icon of a server with a cloud behind it

    Private Cloud

    All the benefits of the cloud on a server of your choice.

    BrowseControl Web Filtering Features

    Internet Off

    Internet ON/OFF

    One click to completely block users from browsing the web

    Internet Off

    URL Filter

    Allowed list or Blocked list for specific URLs

    Internet Off

    Category Filtering

    Block websites based on specific categories

    Internet Off

    Internet Scheduler

    Schedule Internet restrictions at specific times of the day

    Internet Off

    Safe Search

    Enforce safe search to prevent explicit search results

    Internet Off

    Internet Quota

    Set a time-based quota for internet browsing

    Internet Off

    Download Filter

    Block downloads from HTTP sites based on file types

    Internet Off

    Port Filter

    Close unused and high-risk TCP/UDP ports

    Internet Off

    Customize Message

    Display a customized warning message on blocked websites

    Internet Off

    Application Blocker

    Block specific Windows applications from launching

    Internet Off


    Allocate specific time for your users to access the Internet

    Internet Off

    Stealth Mode

    Restrict internet use without alerting users

    Internet Off

    Central Web Console

    Access the administrative console from a web browser on any computer in your network

    Internet Off

    Remote Client Install

    Easily deploy the CurrentWare Client remotely to all of your computers

    Internet Off

    Offsite Management

    Extend onsite Internet usage policies to laptops running outside the corporate network

    Internet Off

    SQL Server Supported

    Our database is scaled for enterprise and large business operations

    Try BrowseControl for Free

    Fully Functional. Easy to use. Install in minutes

    BrowseControl Web Content Filtering Software FAQ

    Are There Any Limits to the Free Trial?

    The free trial is fully functional. You can deploy it on up to 10 computers for 14 days. If you need more time or more computers to properly evaluate our content filtering and web monitoring software solutions in your organization, reach out to our team.

    Will the Software Continue to Work When My Users Leave the Network?

    Yes. The client agent installed on the computers has the ability to block the internet even if it does not have a connection with the CurrentWare Server.

    The client agent stores and enforces BrowseControl’s internet blocking software policies locally on the device. CurrentWare’s last known policies will continue to be enforced even if the computer loses internet connection or connects to a different network.

    Note: If you wish to update policies or receive reports from client agents outside of the network they will need to be able to communicate with the CurrentWare Server.

    Once a connection is reestablished you will receive your user’s internet usage data and any web filtering policy updates will take effect.

    Learn More

    How Do You Unrestrict a Website?

    To unrestrict a website that is blocked by Category Filtering, add it to the URL allow list. This will allow you to block an entire content category while selectively allowing specific websites.

    For example, you can block the Social Media category while allowing access to LinkedIn.com

    To unrestrict a website that is on your URL Block List, simply select the user or group you would like to modify and remove the website from the Block List. 

    Learn More: How Do I Control Internet Access With BrowseControl?

    What is the Difference Between URL Filtering and Category Filtering?

    URL filtering limits access to specific web pages (URLs) and domains (websites) by comparing web addresses that end-users are attempting to visit against a database of websites that are on an Allowed List and Blocked List. 

    Category Filtering blocks websites based on content categories such as Porn, Social Media, and Hate sites. This allows thousands of websites to be blocked without the administrator knowing their specific URL. As new websites are identified by the category filtering provider they are sorted into their respective content categories.

    How Do I Block Internet Access at a Certain Time?

    BrowseControl includes three features to restrict internet access based on time – internet quota limit, internet scheduler, and internet timer. 

    The Timer feature allows you to turn the internet on or off after a set time limit has elapsed. Once the timer has expired, the Internet settings will return to the previous Internet mode (ON/OFF or Schedule).

    The Internet Scheduler allows you to set unique allow and block lists on a set schedule. This is typically used to allow employees or students access to unproductive websites during their breaks while restricting them during work periods. 

    The Internet Quota feature allows the administrator to control how long users have access to the Internet on a daily basis. This allows end-users to browse the web throughout the day until their quota is reached. This feature is ideal for internet cafes and other organizations with users that do not require ongoing access to the internet.

    Learn More: Using Timer and Internet Quota to Set Internet Time Limits

    Will BrowseControl Work With My Proxy Server?

    Yes, BrowseControl is compatible with other proxy servers on your network. 

    Learn More: How to Use BrowseControl With a Proxy Server

    How Do I Unblock a Specific URL Within a Content Category?

    If you would like to block a given web content category while selectively allowing access to specific URLs, simply add the websites you would like to unblock to the URL Allow List.

    With this method you can block the Social Media category while allowing access to LinkedIn.com or block the File Hosting category to prevent personal cloud storage use while still allowing access to sanctioned cloud storage providers.

    Can I Restrict Internet Access in Citrix, Remote Desktop, and/or Terminal Server Environments?

    Yes. The CurrentWare Suite is supported on desktop computers, virtual machines (VMs), and servers running modern versions of the Windows operating system.

    You can install the CurrentWare Clients on your Citrix Workspace running Windows. In addition, all CurrentWare components are compatible with Remote Desktop Services (RDS) or Terminal Servers (TS).

    When restricting internet access in Citrix with CurrentWare you can block websites on PC Mode to restrict the individual virtual machine or on User Mode to restrict internet access for specific employees across multiple devices and/or virtual machines.

    Monitoring and managing your end-users with CurrentWare in a Terminal Services environment works similarly. The exception is that in a Terminal Server/Terminal Services environment the server will be registered as an individual endpoint; to apply granular policies for each user, department, or Organizational Unit you will need to use User Mode.

    Learn More:
    CurrentWare for Remote Desktop & Terminal Server

    CurrentWare for Citrix Activity Monitoring

    CurrentWare System Requirements

    How Do I Disable Ports?

    To disable network ports you can use port blocking software such as BrowseControl.

    Here’s how to disable ports with BrowseControl:

    1. Install CurrentWare
    2. Launch the CurrentWare Web Console
    3. Choose the BrowseControl solution from the left-hand menu
    4. Click the More options MoreOpts-e1614284791765button and choose Port Filter
    5. Choose the group that you wish to filter from the drop-down menu
    6. Use the ADD button to add Port numbers, the port type and if you want to block or filter.
    7. Click ADD FILTER button to complete the process.

    Learn More: How to Block Access to TCP/UDP Ports

    What is a Port?

    port blocking”In computer networking, a port is a communication endpoint. At the software level, within an operating system, a port is a logical construct that identifies a specific process or a type of network service. A port is identified for each transport protocol and address combination by a 16-bit unsigned number, known as the port number. The most common transport protocols that use port numbers are the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP).” – Wikipedia

    Port numbers range from 0 to 65,536. They are further categorized into three categories: Well-known ports, registered ports, and ephemeral ports.

    • Well-known ports are administered by the Internet Assigned Numbers Authority (IANA). They are designed for internet use, though they can be used for other purposes.
    • Registered ports are registered by organizations for applications and reserved for their use.
    • Ephemeral ports are available for any application to use on an ad hoc basis.

    When a port is blocked, data can’t move through it. By closing unused network ports with port blocking tools you can reduce the attack surface of your network.

    Learn More:
    Definition of Port (computer networking)
    List of TCP and UDP port numbers

    How Do I Stop Employees from Accessing Certain Websites?

    To stop employees from accessing certain websites you can add those websites to the URL Block List. If you would like to block a specific category of websites you can use the Category Filtering feature to block sites that belong to categories such as porn, social media, and virus-infected.

    Can I Use Your Internet Monitoring and Web Content Filtering Software for My Remote Users?

    Yes. BrowseReporter and BrowseControl support a variety of deployment options that allow you to monitor and restrict internet use no matter where they devices are.

    To learn more about using our content filtering and monitoring software for remote workers, visit this article: How to Set Up Internet Filtering and Monitoring Software for Remote Users

    Can I Allow Local Network Access While Blocking Internet Access?

    Yes. Simply set the internet to “off” in BrowseControl and add the authorized intranet sites to the Allow List using their hostname or IP address.

    Learn More: Block Internet & Allow Intranet with BrowseControl

    How Do I Disable Internet Access for my Users?

    To completely block internet access, simply set the internet to “Off” in your BrowseControl web filtering settings. This will allow applications to connect to the internet while preventing your users from browsing the web.

    To selectively allow or block websites, add them to the Allow List (whitelist) or Block List (blacklist/deny list) of the URL filter.

    To block websites based on content, add the content category you would like to block from the Category Filtering list. You can exempt specific URLs within a category by adding them to the URL Allow List.

    What Websites Should I Block?

    Which websites you should block depends on the goals of your organization. 

    • Improve productivity by blocking distracting websites such as Facebook and games sites
    • Maintain a respectable environment by blocking inappropriate websites such as pornography, hate, or crude humor sites.
    • Improve network security by blocking high-risk websites such as peer-to-peer (P2P) file sharing, illegal streaming sites, and websites that are known to be malicious.
    • Increase internet speed by blocking bandwidth hogs such as Netflix and YouTube

    How Can I Block Ports and Internet Access for a Specific Computer?

    The BrowseControl web content filter and port blocking software allows you to assign unique web access policies for each computer, user, or workgroup.

    To restrict internet access, simply add the specific computer or user you would like to control to their own policy group, then use the Internet Scheduler, URL Filter, or Category Filter to block internet access.

    How to block ports with BrowseControl:

    1. Open your CurrentWare Web Console
    2. Choose the BrowseControl solution from the left-hand menu
    3. Click the More options MoreOpts-e1614284791765button and choose Port Filter
    4. Choose the group that you wish to filter from the drop-down menu
    5. Use the ADD button to add Port #s, the port type and if you want to block or filter.
    6. Click ADD FILTER button to complete the process.

    Learn More:

    How to Block a Website With BrowseControl

    How to Block Network Ports With BrowseControl

    Try BrowseControl for Free

    Fully Functional. Easy to use. Install in minutes