Port Filtering With BrowseControl

BrowseControl is a host-based web filtering and port blocking software for filtering TCP/UDP network ports on endpoint devices. Effortlessly block unused and exploitable ports to reduce the attack surface of your network.

browsecontrol-logo

Try BrowseControl for Free

Fully functional. Easy to use. Install in minutes.

cybersecurity expert on a laptop ion front of servers

Block Unused Network Ports

  • Deny by Default: All ports should be closed by default unless there is a documented, reviewed, and approved business case.
  • Defense in Depth: Combine BrowseControl’s host-based port filtering with a perimeter-based firewall for a defense-in-depth approach.
  • Risk Assessment: Any port can be exploited by an attacker. Blocking unused ports reduces the attack surface of your network.

Why Block Network Ports?

Malicious hackers can use port scanning tools to discover open ports in your network.

Once they find open ports they can use it to search for potential vulnerabilities that they can use to gain unauthorized access into your network.

By proactively blocking unused ports with port blocking software you can reduce the attack surface available to threat actors and improve the security of your network.

cybersecurity expert on a laptop ion front of servers
cybersecurity expert on a laptop ion front of servers

What is Port Filtering?

The internet and applications use predetermined TCP/UDP ports to transmit network protocol packets (data).

Port filtering is the practice of allowing or blocking (opening/closing) network packets into or out of a device or the network based on their port number.

Blocking network ports allows administrators to restrict specific operations such as file transfers through ports used for FTP and torrents.

Recommended Ports to Block

While any port can be potentially exploited, there are some ports that are known security risks. If a Deny-by-Default approach isn’t feasible for your organization, try these recommended ports to block.

  • Internet Relay Chat (IRC): Botnets can use IRC to communicate with infected machines. Close the port range 6660 – 6669 to block IRC.
  • Telnet: Telnet is not a secure protocol and is unencrypted. Block port 23 to restrict access to it
  • Memorable Numbers: Some malware authors use easy-to-remember numbers such as 234, 6789, 1111, 666, and 8888
  • File Transfer Protocol (FTP): FTP is used to transfer computer files from a server to a client on a computer network. Block port 21 to restrict this data egress point on client computers.
cybersecurity expert on a laptop ion front of servers
cybersecurity expert on a laptop ion front of servers

What Ports Need to Be Left Open?

Port requirements are unique to each organization and its networks. The ports required by business applications will evolve over time as well. Here are some ways to determine what ports you need to keep open.

  • Product Documentation: Consult the manuals of any software and hardware used in your organization and see if they require specific ports to be left open.
  • Netstat & Resource Monitor: Use a netstat command and Windows resource monitor to identify ports that are currently in use by a specific computer.
  • Trial & Error: If you only use internet-connected computers and have no other special needs, try blocking all ports except for port 80 (HTTP internet) and port 443 (HTTPS internet). Test all services and applications in your organization to see if there are any connection issues and monitor IT support tickets for any unforeseen issues.
  • Research Ports: If you need to perform special actions such as file transfers over FTP or hosting your own email servers you’ll need to consult this list to see the ports that are required by each of them.
browsecontrol-logo

Try BrowseControl for Free

Fully functional. Easy to use. Install in minutes.

BrowseControl Web Filtering Features

Internet Off
Internet ON/OFF

One click to completely block
users from browsing the web

URL Filter
URL Filter

Allowed list or Blocked list for
specific URLs

Category Filtering
Category Filtering

Block websites based on specific web content categories

Internet Scheduler
Internet Scheduler

Schedule internet use policies for specific times of the day

Bandwidth Tracker
Safe Search

Enforce safe search to prevent
explicit search results

Internet Quota
Internet Quota

Set a time-based quota for
internet browsing

Download Filter
Download Filter

Block files from being downloaded from the internet

Port Filter
Port Filter

Close unused and high-risk
TCP/UDP ports

Customized Message
Customize Message

Display a customized warning
message on blocked websites

Application Blocker
Application Blocker

Block specific Windows
applications from launching

Internet Timer
Timer

Allocate specific time for your
users to access the Internet

Stealth
Stealth Mode

Restrict internet use without
altering users

Centralized Console

Central Web Console

Access the administrative console from a web browser on any computer in your network

Remote Client Install

Remote Client Install

Easily deploy the CurrentWare Client remotely to all of your networked computers

Offsite Management

Offsite Management

Extend onsite Internet usage policies to laptops running outside the corporate network

Email Report

SQL Server Supported

Our database is scaled for
enterprise and large business
operations

The BrowseControl Logo, web filtering software

Try BrowseControl for Free

Fully functional. Easy to use. Install in minutes.