Screenshot of category filtering window from BrowseControl web filter. Porn and social media categories blocked.

Block Ports With BrowseControl’s Port Filtering Tool

BrowseControl is a host-based web filtering and port blocking software for filtering TCP/UDP ports on endpoint devices.

Effortlessly block ports that are unused and exploitable to reduce the attack surface of your network.

Start Your Free Trial Today

Trusted by

& many more

Trusted by

and many more

cybersecurity expert on a laptop ion front of servers

Port Filter to Block Unused Ports

BrowseControl’s port filtering feature allows you to block port numbers based on a variety of well-known ports, specific port numbers, or a port range.

Deny by Default: All ports should be closed by default unless there is a documented, reviewed, and approved business case.
Defense in Depth: Combine BrowseControl’s host-based port filtering with a perimeter-based firewall for a defense-in-depth approach.
Risk Assessment: Any port can be exploited by an attacker. Blocking unused ports reduces the attack surface of your network.

Why Block Ports?

Malicious hackers can use port scanning tools to discover open ports in your network.

Once they find an available port number they can use it to search for potential vulnerabilities that they can use to gain unauthorized access into your network.

By proactively blocking unused ports with port blocking software you can reduce the attack surface available to threat actors and improve network security by making the filtered port inaccessible.

What is Port Filtering?

Port filtering is the practice of filtering packets based on port number to restrict traffic within a network.

The internet and applications use Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) ports to transmit network protocol packets (data).

In a TCP/IP network, a port is a number that identifies the type of network traffic. If an incoming or outgoing port is “closed,” packets with that port number are not allowed into or out of the LAN. With BrowseControl’s port filter these packets are restricted on a per-endpoint basis.

Ports 1024 to 49151 are Registered Ports. Ports 49152 to 65535 are Public Ports.

Using a port filter allows administrators to restrict specific operations such as file transfers through FTP and torrents. With the filtered port inaccessible you can reduce the attack surface of your network.

Recommended Ports to Block

While any port number can be potentially exploited, there are some ports that are known security risks.

For example, port 20 and 21 are used by the File Transfer Protocol (FTP). Generally, port 21 is used to establish the connection between the 2 computers (or hosts) and port 20 is used to transfer data (via the Data channel).

If a Deny-by-Default approach isn’t feasible for your organization, try these recommended ports to block in your port filter.

Internet Relay Chat (IRC): Botnets can use IRC to communicate with infected machines. Close the port range 6660 – 6669 to block IRC.
Telnet: Telnet is not a secure protocol and is unencrypted. Block port 23 to restrict access to it
Memorable Numbers: Some malware authors use easy-to-remember numbers such as 234, 6789, 1111, 666, and 8888
File Transfer Protocol (FTP): FTP is used to transfer computer files from a server to a client on a computer network. Block port 21 to restrict this data egress point on client computers.

What Ports Need to Be Left Open?

Port requirements are unique to each organization and its networks; which ones are considered important ports with vary widely based on the software/services used and network setup.

The specific ports required by business applications will evolve over time as well. Here are some ways to determine which ones you need to keep open.

Product Documentation: Consult the manuals of any software and hardware used in your organization and see if they require particular TCP/UDP ports to be left open.
Netstat & Resource Monitor: Use a netstat command and Windows resource monitor to identify ports that are currently in use by a specific computer.
Trial & Error: If you only use internet-connected computers and have no other special needs, try blocking all ports except for port 80 (HTTP) and port 443 (HTTPS). Test all services and applications in your organization to see if there are any connection issues and monitor IT support tickets for any unforeseen issues.
Research Ports: If you need to perform special actions such as file transfers over FTP or hosting your own email servers you’ll need to consult this list to see the ports that are required by each of them.

Try BrowseControl for Free

Fully functional. Easy to use. Install in minutes.

Get Your Free Trial

Buy Licenses Now

BrowseControl Web Filtering Features

Try BrowseControl for Free

Fully functional. Easy to use. Install in minutes.

Get Your Free Trial

Buy Licenses Now

Cookie	Duration	Description
__cfruid	session	Cloudflare sets this cookie to identify trusted web traffic.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
JSESSIONID	session	The JSESSIONID cookie is used by New Relic to store a session identifier so that New Relic can monitor session counts for an application.
LS_CSRF_TOKEN	session	Cloudflare sets this cookie to track users’ activities across multiple websites. It expires once the browser is closed.
OptanonConsent	1 year	OneTrust sets this cookie to store details about the site's cookie category and check whether visitors have given or withdrawn consent from the use of each category.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
_zcsr_tmp	session	Zoho sets this cookie for the login function on the website.

Cookie	Duration	Description
_calendly_session	21 days	Calendly, a Meeting Schedulers, sets this cookie to allow the meeting scheduler to function within the website and to add events into the visitor’s calendar.
_gaexp	2 months 11 days 7 hours 3 minutes	Google Analytics installs this cookie to determine a user's inclusion in an experiment and the expiry of experiments a user has been included in.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_GY6RPLBZG0	2 years	This cookie is installed by Google Analytics.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.

Cookie	Duration	Description
_opt_expid	past	Set by Google Analytics, this cookie is created when running a redirect experiment. It stores the experiment ID, the variant ID and the referrer to the page that is being redirected.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
NID	6 months	NID cookie, set by Google, is used for advertising purposes; to limit the number of times the user sees an ad, to mute unwanted ads, and to measure the effectiveness of ads.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Block Ports With BrowseControl’s Port Filtering Tool

Trusted by

& many more

Trusted by

and many more

Port Filter to Block Unused Ports

Why Block Ports?

What is Port Filtering?

Recommended Ports to Block

What Ports Need to Be Left Open?

Try BrowseControl for Free

BrowseControl Web Filtering Features

Internet ON/OFF

URL Filter

Category Filtering

Application Blocker

Google Safe Search

Customize Message

Download Filter

Port Filter

Internet Quota

Internet Scheduler

Timer

Stealth Mode

Centralized Console

Platform Security

Offsite Management

SQL Server Supported

Try BrowseControl for Free

Cookie	Duration	Description
_dc_gtm_UA-6494714-6	1 minute	No description
_gaexp_rc	past	No description available.
34f6831605	session	No description
383aeadb58	session	No description available.
663a60c55d	session	No description available.
6e4b8efee4	session	No description available.
c72887300d	session	No description available.
cookielawinfo-checkbox-tracking	1 year	No description
crmcsr	session	No description available.
currentware-_zldp	2 years	No description
currentware-_zldt	1 day	No description
et_pb_ab_view_page_26104	session	No description
gaclientid	1 month	No description
gclid	1 month	No description
handl_ip	1 month	No description available.
handl_landing_page	1 month	No description available.
handl_original_ref	1 month	No description available.
handl_ref	1 month	No description available.
handl_ref_domain	1 month	No description
handl_url	1 month	No description available.
handl_url_base	1 month	No description
handlID	1 month	No description
HandLtestDomainName	session	No description
HandLtestDomainNameServer	1 day	No description
isiframeenabled	1 day	No description available.
m	2 years	No description available.
nitroCachedPage	session	No description
organic_source	1 month	No description
organic_source_str	1 month	No description
traffic_source	1 month	No description available.
uesign	1 month	No description
user_agent	1 month	No description available.
ZCAMPAIGN_CSRF_TOKEN	session	No description available.
zld685336000000002056state	5 minutes	No description