42. Secure Ports
Some protocols send data in clear text (plain, unencrypted form). That means usernames, passwords, messages, and files can be read by network sniffing (capturing and inspecting network traffic), and an attacker on the path can also alter the data unnoticed. Secure alternatives use encryption (scrambling data so others cannot read it), usually via TLS or SSH, which also authenticates the server so the client can tell it is talking to the real host and not an impostor.
Common insecure protocols and safer alternatives

FTP (File Transfer Protocol) – port 21
Sends files and login details in plain text.
Safer option: SFTP (SSH File Transfer Protocol) – port 22 (encrypted file transfer running over SSH; despite the name it is not FTP with encryption added)

Telnet – port 23
Sends all session data, including the login, in plain text.
Safer option: SSH (Secure Shell) – port 22 (encrypted remote access)

SMTP (Simple Mail Transfer Protocol) – port 25
Basic email transfer without encryption.
Safer option: SMTP with TLS (Transport Layer Security) – port 587 (mail submission upgraded to TLS with STARTTLS; port 465 is used for implicit TLS)

Time Protocol – port 37
Older time-sync protocol that returns a raw seconds counter with no authentication and low precision.
Safer option: NTP (Network Time Protocol) – port 123 (modern network time sync). Note that NTP itself is not encrypted; Network Time Security (NTS) adds authentication where accurate time matters for security.

DNS (Domain Name System) – port 53
Standard DNS can be observed or changed in transit.
Safer option: DNS over TLS (DoT) – port 853 (encrypted DNS requests; DNS over HTTPS (DoH) on port 443 offers the same protection)

HTTP (HyperText Transfer Protocol) – port 80
Web traffic is not encrypted.
Safer option: HTTPS (Hypertext Transfer Protocol Secure) – port 443 (encrypted web traffic using TLS)

IMAP (Internet Message Access Protocol) – port 143
Email retrieval without encryption.
Safer option: IMAPS (Internet Message Access Protocol Secure) – port 993 (encrypted email retrieval)

SNMP (Simple Network Management Protocol) – ports 161/162
Used for network management. Versions 1 and 2c authenticate with community strings sent in plain text, so anyone sniffing can read or change device configuration.
Safer option: SNMPv3 (Simple Network Management Protocol version 3) – same ports 161/162 (adds user authentication and encryption; use the authPriv level and disable v1/v2c, since the port number alone does not tell you which version is in use)

SMB (Server Message Block) – port 445
Used for file sharing, especially in Windows environments. Older versions (SMBv1 in particular) have many known vulnerabilities, and shares may be exposed if used insecurely. It should never be allowed through a perimeter firewall.
Safer option: SMB 3.x with signing and encryption enabled and SMBv1 disabled. NFS (Network File System) – port 2049 is the usual file-sharing alternative on Unix-like systems, but it is only safer when run as NFSv4 with Kerberos (sec=krb5p); plain NFS trusts the client's user IDs and sends data in clear text, so it is no improvement over SMB.

LDAP (Lightweight Directory Access Protocol) – port 389
Directory communication, including bind credentials, without encryption.
Safer option: LDAPS (Lightweight Directory Access Protocol Secure) – port 636 (encrypted directory communication; LDAP with StartTLS on port 389 is an alternative)
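The table above is easiest to apply against a real port scan. The following Python is an added example, not part of the original notes: it parses nmap greppable output (-oG), flags every clear-text service from the list, and checks whether the encrypted counterpart is already listening on the same host so the recommendation is actionable (disable the clear-text port, deploy the secure service first, or, for SNMP and SMB where the port does not change, verify the protocol version). The scan output is constructed sample data; the host names are made up.

```python
"""Audit an nmap -oG scan for clear-text services and their encrypted counterparts."""
import re
from dataclasses import dataclass

# Clear-text port -> (service name, secure port, secure service), taken from the list above.
# SNMP and SMB keep their port: the fix is a protocol-version upgrade that a port scan
# alone cannot confirm, so those are reported as "verify version" rather than "close".
CLEARTEXT_TO_SECURE = {
    21:  ("FTP",    22,  "SFTP"),
    23:  ("Telnet", 22,  "SSH"),
    25:  ("SMTP",   587, "SMTP submission with STARTTLS"),
    37:  ("Time",   123, "NTP"),
    53:  ("DNS",    853, "DNS over TLS"),
    80:  ("HTTP",   443, "HTTPS"),
    143: ("IMAP",   993, "IMAPS"),
    161: ("SNMP",   161, "SNMPv3 (authPriv)"),
    389: ("LDAP",   636, "LDAPS"),
    445: ("SMB",    445, "SMB 3.x with signing and encryption"),
}
# Ports that must never be reachable from outside, whatever version is running.
PERIMETER_BLOCK = {445}

HOST_RE = re.compile(r"^Host:\s+(\S+)")
# nmap -oG port entries look like "21/open/tcp//ftp///"
PORT_RE = re.compile(r"(\d+)/(\w+)/(tcp|udp)/")


@dataclass(frozen=True)
class Finding:
    host: str
    port: int
    service: str
    action: str
    detail: str


def parse_greppable(text):
    """Return {host: set(open ports)} from nmap greppable (-oG) output."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m or "Ports:" not in line:
            continue  # skip status-only lines and the header/footer comments
        ports_part = line.split("Ports:", 1)[1]
        hosts[m.group(1)] = {
            int(port) for port, state, _proto in PORT_RE.findall(ports_part) if state == "open"
        }
    return hosts


def audit(hosts, external=False):
    """Produce one Finding per open clear-text port; external=True means the scan
    was taken from the untrusted side of the perimeter firewall."""
    findings = []
    for host, open_ports in sorted(hosts.items()):
        for port in sorted(open_ports & CLEARTEXT_TO_SECURE.keys()):
            name, sec_port, sec_name = CLEARTEXT_TO_SECURE[port]
            if external and port in PERIMETER_BLOCK:
                action = "BLOCK_AT_PERIMETER"
                detail = f"{name} is reachable from outside; block {port} at the firewall"
            elif sec_port == port:
                action = "UPGRADE_VERSION"
                detail = f"{name} shares port {port} with {sec_name}; confirm the version and disable legacy ones"
            elif sec_port in open_ports:
                action = "DISABLE_CLEARTEXT"
                detail = f"{sec_name} already listens on {sec_port}; move clients, then close {port}"
            else:
                action = "ENABLE_SECURE_FIRST"
                detail = f"no {sec_name} listener on {sec_port}; deploy it before closing {port}"
            findings.append(Finding(host, port, name, action, detail))
    return findings


# Constructed sample scan (not real hosts), in nmap -oG format.
SAMPLE_SCAN = """\
# Nmap 7.94 scan initiated as: nmap -oG - 10.0.0.0/28
Host: 10.0.0.5 (files.example.internal)\tPorts: 21/open/tcp//ftp///, 22/open/tcp//ssh///, 445/open/tcp//microsoft-ds///\tIgnored State: closed (997)
Host: 10.0.0.9 (mail.example.internal)\tPorts: 25/open/tcp//smtp///, 143/open/tcp//imap///, 993/open/tcp//imaps///\tIgnored State: closed (997)
Host: 10.0.0.12 (gw.example.internal)\tPorts: 23/open/tcp//telnet///, 80/open/tcp//http///, 443/open/tcp//https///, 161/open/udp//snmp///
# Nmap done
"""

if __name__ == "__main__":
    for f in audit(parse_greppable(SAMPLE_SCAN)):
        print(f"{f.host:<10} {f.port:>4} {f.service:<7} {f.action:<20} {f.detail}")
```

Feed it a real scan with `nmap -oG scan.gnmap ...` and `audit(parse_greppable(open("scan.gnmap").read()), external=True)` for a scan run from outside the perimeter. A port number only tells you which service is listening, not how it is configured, so a clean report here is a starting point: confirm the HTTPS or LDAPS endpoint actually negotiates TLS and rejects clear-text fallback before closing the old port.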
Main Idea
Avoid clear-text protocols and use encrypted versions whenever possible.