Securing open ports on a Linux computer is an important part of keeping it safe from potential threats. Learn the steps necessary to ensure that your Linux computer has its ports securely open, such as finding which ports are open and configuring them to be secure.
Find What Ports Are Open on the Computer
It is very important to know what ports are open on the computer. This lets you make sure that every open port is necessary, is secured, and carries minimal risk. To find the open ports, you can use a tool like nmap to scan your computer. You can then use this information to configure the firewall on the Linux system to block all unnecessary ports.
Use nmap to find all open ports
Use Zenmap to find all open ports
Scanning open ports with nmap is not too complicated, but if you want an even easier tool, use Zenmap, the graphical interface for nmap.
Zenmap is available in the repositories of almost all Linux distributions, so use the package manager to install it.
Once installed, enter the target IP address to scan all open ports. For local computer, use
Use lsof to find open ports
We can also use lsof, a command-line utility, to find all open ports on our Linux server. Use the following command to list every network socket in the LISTEN state:
sudo lsof -i -P -n | grep LISTEN
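One way to turn that lsof listing into a review list, as an added example that is not from the original article: it reports every listener whose port is not on an approved list and marks whether it is reachable from the network or only from loopback. The function names, the approved-port list and the sample lines are assumptions made up for illustration.

```shell
# Constructed sample in the format of `sudo lsof -i -P -n | grep LISTEN`
# (not captured from a real host).
SAMPLE_LSOF='sshd      812 root    3u  IPv4 21345 0t0 TCP *:22 (LISTEN)
sshd      812 root    4u  IPv6 21347 0t0 TCP *:22 (LISTEN)
vsftpd    990 root    3u  IPv4 23001 0t0 TCP *:21 (LISTEN)
cupsd    1023 root    7u  IPv4 24010 0t0 TCP 127.0.0.1:631 (LISTEN)
mysqld   1200 mysql  22u  IPv4 25000 0t0 TCP 127.0.0.1:3306 (LISTEN)
python3  1410 alice   5u  IPv6 26000 0t0 TCP [::1]:8000 (LISTEN)'

# audit_listeners "<approved ports>"   (hypothetical helper, reads lsof lines on stdin)
# Prints "port command scope" for each listener whose port is not approved.
#   exposed  = bound to all interfaces or to a non-loopback address
#   loopback = reachable only from the host itself
audit_listeners() {
    awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $NF == "(LISTEN)" {
        name = $(NF - 1)                   # e.g. *:22, 127.0.0.1:631, [::1]:8000
        port = name; sub(/.*:/, "", port)      # text after the last colon
        addr = name; sub(/:[^:]*$/, "", addr)  # text before the last colon
        if (port in ok) next
        scope = (addr ~ /^127\./ || addr == "[::1]") ? "loopback" : "exposed"
        key = port " " $1 " " scope
        if (!(key in seen)) { seen[key] = 1; print key }   # IPv4+IPv6 pairs once
    }' | sort -n
}

# exposed_ports "<approved ports>"   (hypothetical helper)
# Only the unapproved ports that are reachable from the network, on one line.
exposed_ports() {
    audit_listeners "$1" |
        awk '$3 == "exposed" && !s[$1]++ { printf "%s%s", sep, $1; sep = " " }
             END { print "" }'
}

# Demo on the sample; on a real host, pipe the lsof command above in instead.
printf '%s\n' "$SAMPLE_LSOF" | audit_listeners "22"
```

Ports reported as exposed are the candidates for uninstalling the service or adding a firewall rule; loopback-only listeners are lower priority but still worth confirming.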
Block Unnecessary Services on the Host System
One of the easiest ways to secure open ports on Linux is to block unnecessary services on the host computer. All unnecessary services running on the machine can leave ports open and accessible to potential attackers. First review the list of services currently running, then disable or uninstall any that are unnecessary or potentially dangerous. This will help reduce opportunities for potential exploits and keep your system safe.
Remember that killing or terminating a service can sometimes be a good way to stop it and close the connections to and from an open port, but the effect is only temporary. If the service is set up to auto-start on startup, it will start communicating through open ports again. So if you do not need a process, uninstall the package that created it instead of killing it.
If you opened the port manually for a specific service, you will need to close the port by dropping all the network packets.
For example, if you installed an FTP server but no longer use it, the FTP port 21 is open. You can manually uninstall the FTP server and close the FTP port using iptables.
sudo iptables -A INPUT -p tcp --dport 21 -j DROP
Change Default Passwords on Any Accessible Services
If any services cannot be uninstalled, it’s important that you change the default passwords used to access them. Attackers are always looking for opportunities to take advantage of machines with default settings, so making sure to update passwords and usernames is a key step in securing open ports on a Linux machine. Updating credentials regularly can also help provide an extra layer of security.
Remove or Restrict Access to Unnecessary and Sensitive Files and Directories
After all services have been secured, it’s important to make sure that access to unnecessary and sensitive files and directories is removed or restricted. Any files or folders containing confidential information should be protected with the highest level of security by setting up strong authentication methods such as two-factor authentication. If a service is not being used, you can also choose to disable it or enable restrictive permissions on the file system to further protect your Linux device.
We have written an article on Linux file permissions. Please read it carefully and make a habit of setting up correct directory/file permissions.
Use Firewalls and Port Forwarding for Optimal Protection On Remote-Access Services
If you’re allowing people to access your device remotely, be sure to set up firewalls and port forwarding for the services. To protect the service from possible attackers, configure a firewall to restrict access from unwanted sources by setting rules based on IP address or domain name, and enable a secure authentication method such as two-factor authentication. Also, use port forwarding for good measure and redirect any incoming traffic to the ports required for the service. This helps improve security and reduce the chances of unnecessary data leakage.
We can use iptables for port forwarding:
sudo iptables -t nat -A PREROUTING -p tcp --dport <source_port> -j DNAT --to-destination <destination_IP_address>:<destination_port>
Every open port on a networked computer is an open door for attackers to probe. The fewer ports you leave open, the lower the chance that an attacker can exploit a vulnerability to get into the system.
Monitoring port status is a healthy habit for keeping the server secure. Use iptables, ufw or another firewall to close unnecessary open ports. If you need any help regarding any section of the article, please let me know in the comment section.