standinglynx

Insecure ports - CompTIA Security+

Hello!

I think it is cool to learn ports for efficiency. I leave the insecure ports here as a personal wiki; references are from Ian Neil's book on CompTIA, plus editing in Markdown by AI. Did I miss one? Discuss this post on Bluesky.

| Protocol | Port(s) | Main Use | Risks / Insecurity | Secure Alternative |
|---|---|---|---|---|
| Telnet | TCP 23 | Remote access and command execution | Plain text transmission, password theft | SSH |
| FTP | TCP 21 | File transfer | Insecure, data and credentials in plain text | SFTP |
| SMTP | TCP 25 | Email delivery between servers | Unencrypted | SMTPS |
| DNS | UDP/TCP 53 | Name resolution, queries, and zone transfers | Vulnerable without protection | DNSSEC |
| DHCP | UDP 67/68 | Automatic IP address assignment | Can be exploited without secure authentication | - |
| TFTP | UDP 69 | Simple, unauthenticated file transfer | No authentication or encryption | - |
| HTTP | TCP 80 | Web browsing | Unencrypted, vulnerable to interception | HTTPS |
| POP3 | TCP 110 | Email retrieval (no server copy retained) | Unencrypted | POP3S |
| NTP | UDP 123 | Network time synchronization | Can be exploited for DDoS attacks | - |
| NETBIOS | TCP/UDP 137-139 | Name resolution, legacy file and print services | Legacy services, unnecessary exposure | - |
| IMAP4 | TCP 143 | Email access | Unencrypted | IMAPS |
| SNMP v1/v2 | UDP 161 | Network device monitoring and reporting | Uses plain-text "community strings" | SNMPv3 |
| LDAP | TCP 389 | Directory access (e.g., Active Directory) | Vulnerable without encryption | LDAPS |

| Other Risks / Insecure Elements | Description | Recommendation |
|---|---|---|
| Unsecured networks | Includes open Wi-Fi, unprotected wired networks, and weak Bluetooth connections | Use WPA2/3 encryption, secure Bluetooth pairing |
| Open service ports | Expose services that attackers can scan and exploit | Close unnecessary ports |
| Default credentials | Manufacturer-set credentials that can be exploited by attackers | Change default passwords |
| Misconfigurations | Poor system settings (open ports, default settings unchanged) | Regularly audit and review configurations |
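
The recommendations to close unnecessary ports and audit configurations can be checked on a host against the port table above. This is an added example, not from the original post or the referenced book: it parses `ss -tuln` output and flags listeners on the listed ports, noting whether each is bound beyond loopback. The names `INSECURE`, `LOOPBACK`, `SAMPLE` and `audit` are chosen for this illustration, and the sample output is constructed.

```python
import re

# (protocol, port) -> (service, secure alternative) as listed in the table above.
INSECURE = {
    ("tcp", 23): ("Telnet", "SSH"), ("tcp", 21): ("FTP", "SFTP"),
    ("tcp", 25): ("SMTP", "SMTPS"), ("udp", 53): ("DNS", "DNSSEC"),
    ("tcp", 53): ("DNS", "DNSSEC"), ("udp", 67): ("DHCP", None),
    ("udp", 68): ("DHCP", None), ("udp", 69): ("TFTP", None),
    ("tcp", 80): ("HTTP", "HTTPS"), ("tcp", 110): ("POP3", "POP3S"),
    ("udp", 123): ("NTP", None), ("tcp", 143): ("IMAP4", "IMAPS"),
    ("udp", 161): ("SNMP v1/v2", "SNMPv3"), ("tcp", 389): ("LDAP", "LDAPS"),
}
for p in (137, 138, 139):  # NetBIOS range, TCP and UDP
    INSECURE[("tcp", p)] = INSECURE[("udp", p)] = ("NETBIOS", None)

LOOPBACK = re.compile(r"^(127\.|\[?::1\]?$)")  # IPv4 127/8 or IPv6 ::1

# Constructed sample of `ss -tuln` output, embedded so the example runs offline.
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:69         0.0.0.0:*
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      100    127.0.0.1:25       0.0.0.0:*
tcp   LISTEN 0      511    [::]:80            [::]:*
tcp   LISTEN 0      5      0.0.0.0:23         0.0.0.0:*
"""

def audit(ss_output):
    """Return (proto, port, service, alternative, exposed) per matching listener.
    A port match is a prompt to review the service, not proof of the protocol."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] not in ("tcp", "udp"):
            continue  # header or unrelated line
        addr, _, port = cols[4].rpartition(":")
        hit = INSECURE.get((cols[0], int(port))) if port.isdigit() else None
        if hit:
            exposed = not LOOPBACK.match(addr)  # bound beyond loopback?
            findings.append((cols[0], int(port), hit[0], hit[1], exposed))
    return findings

if __name__ == "__main__":
    for proto, port, svc, alt, exposed in audit(SAMPLE):
        scope = "EXPOSED" if exposed else "loopback only"
        print(f"{proto}/{port} {svc}: {scope}; alternative: {alt or 'none listed'}")
```

On a real host, pass the captured output of `ss -tuln` to `audit()` in place of the sample.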

Assisted by AI