
Planning for Network Protocol Security

Your initial design for your network infrastructure should include the types of protocols to be used. Check these protocols carefully for any known security vulnerabilities associated with them. Many IP-based services, such as FTP, Telnet, and HTTP, send data in clear text by default, so you will need an alternative way of securing that traffic. The best way of doing this is to use an IPSec security policy.

Servers run many different services, so it is critical for you to know what ports and protocols these services use. Once you have identified the services and protocols on your network, you can configure ports using IP filtering on your firewalls to allow specific types of traffic.

A useful approach is to initially deny everything and then open up only the ports you need. The table below lists popular server services and their associated ports and protocols.

Service             Port    Protocol
FTP-Data            20      TCP
FTP                 21      TCP
Telnet              23      TCP
SMTP                25      TCP
DNS                 53      TCP/UDP
HTTP                80      TCP
POP3                110     TCP
RPC Location        135     TCP
NetBIOS             137     TCP
NetBIOS Datagram    138     UDP
NetBIOS Session     139     TCP
IMAP                143     TCP
SNMP                161     TCP/UDP
SNMPTRAP            162     TCP/UDP
LDAP                389     TCP/UDP
HTTPS               443     TCP
SQL                 1433    TCP
PPTP                1723    TCP
IAS (RADIUS)        1812    UDP
IAS (RADIUS)        1813    UDP
Remote Desktop      3389    TCP/UDP
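
The deny-everything-then-open approach described above, modelled in Python as an added example that is not part of the original page. The function names, the "web and DNS server" role, and the sample flows are assumptions constructed for illustration; the rows are an excerpt of the table above.

```python
# Excerpt of the page's service table, in "Name Port Protocol" form.
SERVICE_TABLE = """\
FTP 21 TCP
Telnet 23 TCP
DNS 53 TCP/UDP
HTTP 80 TCP
HTTPS 443 TCP
IAS (RADIUS) 1812 UDP
IAS (RADIUS) 1813 UDP
Remote Desktop 3389 TCP/UDP
"""

# Services the page names as clear text by default.
CLEAR_TEXT = {"FTP", "Telnet", "HTTP"}

def parse_services(text):
    """Return {service: {(port, protocol), ...}}; names may contain spaces."""
    services = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        name, port, protos = line.rsplit(None, 2)
        for proto in protos.split("/"):  # "TCP/UDP" opens both transports
            services.setdefault(name, set()).add((int(port), proto.upper()))
    return services

def build_allowlist(services, needed):
    """Open only the ports of the services this host must offer."""
    unknown = [n for n in needed if n not in services]
    if unknown:
        raise KeyError(f"no port mapping for: {unknown}")
    return {entry: name for name in needed for entry in services[name]}

def filter_flow(allowlist, port, proto):
    """Default deny: pass a flow only if (port, protocol) was opened explicitly."""
    name = allowlist.get((port, proto.upper()))
    if name is None:
        return ("DENY", None)
    note = "clear text, protect with IPSec" if name in CLEAR_TEXT else "ok"
    return ("ALLOW", f"{name}: {note}")

if __name__ == "__main__":
    # Constructed role: a host that serves web and DNS traffic only.
    allow = build_allowlist(parse_services(SERVICE_TABLE), ["HTTP", "HTTPS", "DNS"])
    sample = [(80, "tcp"), (443, "tcp"), (443, "udp"), (53, "udp"), (23, "tcp")]
    for port, proto in sample:
        print(port, proto, *filter_flow(allow, port, proto))
```

Matching on the (port, protocol) pair rather than the port alone is what keeps UDP 443 closed when only TCP 443 was opened for HTTPS.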

