Blocking Network Ports
BrowseControl's port filter provides an added layer of security for your network by allowing administrators to effortlessly block unused and exploitable ports. Port filtering can be configured to fit the unique needs of each department, ensuring that only the exact ports they need are enabled.
Proactively block unused network ports to limit internet security vulnerabilities
Prevent unauthorized FTP file transfers, torrents, and proxies by blocking the ports required for these activities.
Block TCP/UDP ports by range of ports or by specific individual port numbers
Port filtering overview
Port filtering can be configured to fit the unique needs of each department, ensuring that only the exact ports they need are enabled.
What is port filtering?
The internet and applications use predetermined TCP/UDP ports to transmit network protocol packets (data). Port filtering is the practice of allowing or blocking (opening/closing) ports to prevent specific operations such as file transfers through ports used for FTP and torrents.
Why should I block network ports?
Malicious hackers can use dedicated tools to scan for open ports in your network. Once they find open ports they can use it to search for potential vulnerabilities that they can use to gain unauthorized access into your network. By proactively blocking unused ports you can reduce the attack surface available to threat actors and improve the security of your network.
What’s the best way to use port filtering?
The best way to use port filtering is the implicit deny model. This model dictates that any traffic that is not explicitly permitted should be denied by default. To recreate this model in BrowseControl, use the Port Filter to close any network ports that are not critical to your organization.
How to discover which ports need to be left open:
Product Documentation: Consult the manuals of any software and hardware used in your organization and see if they require specific ports to be left open.
Netstat & Resource Monitor: Use a netstat command and Windows resource monitor to identify ports that are currently in use by a specific computer.
Network Analytics: Various types of network monitoring tools will include features for reporting on network port activity, including which ports are used by the organization.
Trial & Error: If you only use internet-connected computers and have no other special needs, try blocking all ports except for port 80 (HTTP internet) and port 443 (HTTPS internet). Test all services and applications in your organization to see if there are any connection issues and monitor IT support tickets for any unforeseen issues.
Research Ports: If you need to perform special actions such as file transfers over FTP or hosting your own email servers you’ll need to consult this list to see the ports that are required by each of them.