What ports should I close in modem wifi router for more protection

jana
Hi,

Does a MacBook have the same ports as a Windows computer?
(for example Windows port 80 = HTTP, port 443 = SSL, etc.)

And what ports should be closed in a wifi router for better protection?

Principal Software Engineer
Commented:
And what ports should be closed in a wifi router for better protection?

On a combination firewall/router facing the internet?  All of them, unless you are actually using that port for incoming services.  This would be very unusual in a home situation unless you have a web server or mail server on your LAN.

On a WiFi access point inside your own LAN?  None of them, because ports are chosen essentially randomly from the available pool on a next-available basis.
Distinguished Expert 2018
Commented:
And what ports should be closed in a wifi router for better protection
Generally speaking, they are all closed by default. Therefore, we can actually ask the question "What ports should be open?" The answer is none. You're not running a server of any sort, and allowing remote administration of the router is a huge security risk. Keep it all closed.

Does a MacBook have the same ports as a Windows computer?
(for example Windows port 80 = HTTP, port 443 = SSL, etc.)
TCP and UDP ports are the same regardless of the OS. Different services utilize different ports. For example, OS X has Apple Remote Desktop, which is based on VNC. Make sure that and screen sharing are disabled.
Turn on the Firewall
System Preferences --> Security & Privacy --> Firewall

Make sure all sharing is turned off.
System Preferences --> Sharing
Uncheck ALL checkboxes.

That will stop any remote access to the Mac.  By default, sharing is turned off.

You don't actually need to turn on anything to block on the router.  Unlike Windows, OS X comes with most of the stuff turned off.  You have to turn them on to activate services and ports.

I just ran nmap on my system and have a few ports turned on from apps.  All others are off.  Your internet router should have external ports already closed off by default.  You would have to open the ports in the configuration to have them open.
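
Added example, not part of the thread: nmap shows which ports answer, while `lsof -nP -iTCP -sTCP:LISTEN` run on the Mac itself shows which app owns each listener and whether it is bound to loopback only. The sketch below parses that output; the sample rows, the function names and the port-to-service labels are constructed assumptions.

```python
import ipaddress

# Ports commonly tied to the macOS Sharing pane services (labels are this example's own).
SHARING_PORTS = {22: "Remote Login (SSH)", 445: "File Sharing (SMB)",
                 548: "File Sharing (AFP)", 3283: "Apple Remote Desktop",
                 5900: "Screen Sharing (VNC)"}

# Constructed sample of `lsof -nP -iTCP -sTCP:LISTEN` output (not from a real host).
SAMPLE = """\
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
rapportd  412 jana    4u  IPv4 0xa1      0t0  TCP *:49152 (LISTEN)
rapportd  412 jana    5u  IPv6 0xa2      0t0  TCP *:49152 (LISTEN)
screensha 501 root    3u  IPv6 0xa3      0t0  TCP *:5900 (LISTEN)
cupsd     230 root    7u  IPv6 0xa4      0t0  TCP [::1]:631 (LISTEN)
Dropbox   600 jana   99u  IPv4 0xa5      0t0  TCP 127.0.0.1:17600 (LISTEN)
"""

def is_loopback(addr):
    """True when the bind address is reachable only from the Mac itself."""
    if addr == "*":                      # wildcard: every interface
        return False
    try:
        return ipaddress.ip_address(addr.strip("[]")).is_loopback
    except ValueError:                   # unparseable address: treat as reachable
        return False

def reachable_listeners(lsof_text):
    """Return sorted (port, command, label) for listeners not bound to loopback."""
    found = set()                        # set merges the IPv4 and IPv6 rows of one service
    for line in lsof_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[-1] != "(LISTEN)":
            continue                     # header or non-listening row
        addr, _, port = fields[-2].rpartition(":")
        if not port.isdigit() or is_loopback(addr):
            continue
        port = int(port)
        found.add((port, fields[0], SHARING_PORTS.get(port, "application")))
    return sorted(found)

if __name__ == "__main__":
    for port, command, label in reachable_listeners(SAMPLE):
        print(f"{port:>5}/tcp  {command:<10} {label}")
```

Listeners bound to 127.0.0.1 or ::1 are left out because other devices on the network cannot reach them; anything listed with a Sharing label corresponds to a checkbox under System Preferences --> Sharing.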

DarinTCHSenior CyberSecurity Engineer
Commented:
the default action of a firewall is Deny/Block

do you have a dedicated firewall - or one built into your home router

blocking everything makes us more secure and minimizes RISK

however it's not practical - we need to access external resources

and we therefore open ports (small pinholes in our firewall) to allow selected traffic over specific ports between specific devices

and finally yes MAC/Apple uses the same ports as windows machines

--these are industry standards - not vendor specific

https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

so to finalize - from a security standpoint close ALL the doors (ports)

and only explicitly allow (open) ports that you deem necessary

we do this by allowing a port between 2 ip addresses (or zones)

a better firewall is NGFW - next gen FW - which only allows certain applications over those ports/IPs/zones

Author

Commented:
Hi,

Forgot to mention, this MacBook is in a home, there are no servers, no hardware firewall, and my assistant connects to the office when needed; also there is a router behind the modem – all are wireless.  Will do the closing all.

Is there a way or tools to make sure the ports on the modem and router are closed?
Distinguished Expert 2018

Commented:
If you know the public IP that the router has, you could attempt a port scan from outside.

Author

Commented:
How do I port scan from outside?
Distinguished Expert 2018

Commented:
From another location, use an application like nmap. Alternatively, you could get a subscription with a service such as pentest-tools.com (note: a number of services limit how many ports you can scan).
DarinTCHSenior CyberSecurity Engineer
Commented:
regarding scanning ports - to determine which is open....
solarwinds makes a free one

and here is a site with a few port scanning ideas
https://securitytrails.com/blog/best-port-scanners
https://securitytrails.com/blog/top-scanned-ports

and since you're new to this, here is an overview of what's involved

https://www.varonis.com/blog/port-scanning-techniques/

be safe......

Author

Commented:
Thanx!

Author

Commented:
Thanx all!
