
Ports of Entry: How to Lock Down Your Computer Like a Cyber Fortress

When it comes to digital security, most people focus on passwords, antivirus software, or using a VPN. But there’s a silent frontier that often gets overlooked—open ports.



Think of ports as doors and windows into your computer. Some of them need to be open—like the front door when guests are expected. But if you leave too many doors open, you're inviting trouble.


In this post, we will go over:

  • What ports are (in human terms)

  • How to find out which ports are open

  • How to determine which ports are necessary

  • How to close or block the rest

  • How to use a firewall to manage access like a pro

Whether you’re on Windows, macOS, or Linux, this guide will help you level up your operational security.


First, What Even Is a Port?

Your computer uses IP addresses to talk to other computers and services. But it also needs ports to organize that communication.

  • Imagine your IP address as your street address.

  • Ports are like apartment numbers—each one directs traffic to a specific service.


For example:

  • Port 80: used for unencrypted web traffic (HTTP)

  • Port 443: used for encrypted web traffic (HTTPS)

  • Port 22: used for SSH remote login


There are 65,535 TCP and UDP ports. And while only a few are typically open, any open port is a potential attack surface.



Step 1: Scan Your System for Open Ports

This is your recon mission. You want to know:

  • What ports are currently open?

  • What services are using them?


On Windows

  1. Open Command Prompt (as Administrator)

  2. Type:

netstat -abno
  • -a: shows all connections and listening ports

  • -b: shows the executable involved

  • -n: shows addresses/ports numerically

  • -o: shows the process ID (PID)


Look for lines like this:

TCP    0.0.0.0:135     ...    LISTENING     996

That 135 is a port in use.

  3. Cross-reference the PID in Task Manager to see what app is using it.


On Linux/macOS

Open Terminal and use:

sudo lsof -i -P -n | grep LISTEN

or

sudo netstat -tuln
  • t: TCP

  • u: UDP

  • l: Listening

  • n: Show numeric IPs and ports


You’ll get something like:

nginx    2371 root    6u  IPv4  12345  0t0  TCP *:80 (LISTEN)

This shows port 80 is open and being used by Nginx.



Step 2: Decide Which Ports You Actually Need



Here’s a quick reference:

| Port | Protocol | Common Use | Should It Be Open? |
|------|----------|------------|--------------------|
| 22 | SSH | Remote login | Only if you need remote access |
| 53 | DNS | Domain Name System | Yes, for internet navigation |
| 80 | HTTP | Web servers | Only if you're hosting a site |
| 443 | HTTPS | Secure web | Yes, for secure web servers |
| 3306 | MySQL | Databases | No, unless you expose your DB (bad idea) |
| 3389 | RDP | Remote Desktop (Windows) | Dangerous to leave open |

Ask Yourself:

  • Am I running a web server? (If not, close 80/443)

  • Am I allowing remote login? (If not, close 22 or 3389)

  • Do I even know what this service is? (If not, shut it down!)



Step 3: Close or Block Unused Ports



This is how you slam the door shut.


On Windows

Option A: Use Windows Firewall

  1. Search for “Windows Defender Firewall with Advanced Security”

  2. Click Inbound Rules

  3. Find a rule you want to disable or create a New Rule

    • Type: Port

    • Choose TCP or UDP

    • Enter the port number

    • Block the connection

Option B: Disable the service

If a port is tied to a service you don’t need:

  1. Press Win + R, type services.msc

  2. Find the service (e.g., “Remote Desktop Services”)

  3. Right-click → Stop, then Disable



On Linux (iptables or ufw)


Using ufw (easier):

sudo ufw status 
sudo ufw deny 22     # blocks SSH
sudo ufw deny 3306   # blocks MySQL 
sudo ufw allow 443   # allow HTTPS if needed

Then enable the firewall:

sudo ufw enable

Or


Using iptables (advanced):

sudo iptables -A INPUT -p tcp --dport 22 -j DROP

Be careful with iptables—it can lock you out if you’re SSHed in!


On macOS

macOS includes the pf packet filter (managed with pfctl) under the hood, but the easiest way is:


Using the GUI:

  • System Settings → Network → Firewall → Options

  • Block incoming connections to non-essential services


Using Terminal:

sudo lsof -iTCP -sTCP:LISTEN -n -P

Then stop the service using launchctl or kill.



Step 4: Use a Firewall Like a Bouncer



A firewall watches the doors. You decide who gets in and who doesn’t.

  • Windows Firewall: Pretty good out of the box.

  • Linux ufw: Simple and powerful.

  • Mac Firewall: Basic, but does the job.


Pro Tip: Use an Application Firewall

These let you block apps by name or behavior, not just by port.



Step 5: Regularly Audit Your Ports



Set a reminder every month or so to:

  • Run a port scan on yourself (nmap localhost or nmap your-ip)

  • Check for new apps that may open ports

  • Reassess which services you actually use

You can even use online tools like Shodan.io to see what the world can see on your public IP.
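
An added example (not part of the original post) that ties together the Step 1 listing, the Step 2 decision and this monthly audit: it parses `lsof` LISTEN lines, marks whether each listener is reachable from other machines or only from loopback, and compares the ports against a needed list and the previous audit. The sample output, the needed list and the baseline are constructed for illustration, and `parse_listeners` and `audit` are hypothetical names.

```python
import re

# Constructed sample of `sudo lsof -i -P -n | grep LISTEN` output (not from a real host).
SAMPLE_LSOF = """\
nginx     2371 root    6u  IPv4  12345  0t0  TCP *:80 (LISTEN)
sshd       812 root    3u  IPv4  23456  0t0  TCP *:22 (LISTEN)
mysqld    1544 mysql  21u  IPv4  34567  0t0  TCP 127.0.0.1:3306 (LISTEN)
cupsd      655 root    7u  IPv6  45678  0t0  TCP [::1]:631 (LISTEN)
python3   9921 alice   4u  IPv4  56789  0t0  TCP *:8000 (LISTEN)
"""

# command, PID, user, then the "TCP addr:port (LISTEN)" tail of an lsof line.
LINE = re.compile(r"^(?P<cmd>\S+)\s+(?P<pid>\d+)\s+(?P<user>\S+)\s.*\s"
                  r"TCP\s+(?P<addr>\S+):(?P<port>\d+)\s+\(LISTEN\)")
LOOPBACK = {"127.0.0.1", "[::1]", "localhost"}

def parse_listeners(text):
    """Return one dict per listening TCP socket found in lsof output."""
    found = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header line or anything that is not a TCP listener
        found.append({
            "cmd": m["cmd"], "pid": int(m["pid"]), "port": int(m["port"]),
            # "*" (0.0.0.0 in netstat) binds every interface; loopback is local-only.
            "exposed": m["addr"] not in LOOPBACK,
        })
    return found

def audit(text, needed, baseline=frozenset()):
    """Return (exposed ports not on the needed list, ports new since baseline)."""
    listeners = parse_listeners(text)
    unexpected = sorted(l["port"] for l in listeners
                        if l["exposed"] and l["port"] not in needed)
    new = sorted({l["port"] for l in listeners} - set(baseline))
    return unexpected, new

if __name__ == "__main__":
    # Assumed policy: a web server administered over SSH; baseline is last month's ports.
    unexpected, new = audit(SAMPLE_LSOF, needed={22, 80, 443},
                            baseline={22, 80, 631, 8000})
    print("reachable from the network but not on the needed list:", unexpected)
    print("listening now but absent from the last audit:", new)
```

On a real machine, replace `SAMPLE_LSOF` with the captured command output and store the current port set after each run as the next baseline.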


⚠️ Bonus: Don’t Rely on Obscurity

Some people say, “I’ll just move my SSH port to 2222 instead of 22.” That might slow down attackers, but it doesn’t secure you.


Best practice:

  • Use firewalls

  • Use key-based SSH auth (not passwords)

  • Never expose sensitive services like databases to the public internet


Closing unused ports is one of the simplest yet most powerful things you can do to protect your system.


It’s like locking your doors at night—not paranoid, just smart.


When you’re building or securing systems, especially cloud servers, IoT devices, or even personal laptops, less is more. The fewer open ports, the fewer ways someone can get in.

Start with awareness. Then take control. And finally—keep watch.


You’ve got this.



If you found this useful, share it with a friend, colleague, or that one family member who still runs Windows XP and doesn't know what a port is. (You know who I’m talking about.)


Stay safe, stay locked down.





© 2024 Randall Thomas Productions
