In general, you should not have any open ports on the front of your router/firewall unless you're hosting a service
(e.g. a Web site) on your local network that requires public access. Most small/home office routers come with a default policy that is configured to allow any outbound traffic and deny all inbound traffic. This is the desired policy, and I'd strongly recommend that you stick with it.
You mentioned a future requirement for remote desktop connections. If you do expose a remote management port, you should ensure that it's using a strongly encrypted connection or is tunneled through a virtual private network (VPN). If at all possible, you should also limit access to specific IP addresses, ones from which you expect inbound connections.
Dig deeper on IPsec VPN Security
Related Q&A from Mike Chapple, Enterprise Compliance
Should companies obtain U.S. security clearance to join the Enhanced Cybersecurity Services program? Mike Chapple offers his perspective.continue reading
Does a Web application security assessment termed 'compliance ready' seem too good to be true? Learn its role in an enterprise compliance program.continue reading
Learn how hiring the right PCI DSS-compliant service providers, especially payment services providers, can reduce your compliance burden.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.