Problem solve Get help with specific problems with your technologies, process and projects.

Can open ports increase LAN exposure?

Michael Chapple, SearchSecurity.com's network security expert, explains the risks of open ports and how to properly secure these exposed connection sites.

I have a Router on my LAN that connects all host PCs to each other. My router has an open port for Internet access, (and there will be an open port for my future remote desktop terminal connections). How exposed is my LAN? Can a port scanner see my router and its open port? Or is it only hosts whom I connect to that can become aware of my IP Address?

In general, you should not have any open ports on the front of your router/firewall unless you're hosting a service (e.g. a Web site) on your local network that requires public access. Most small/home office routers come with a default policy that is configured to allow any outbound traffic and deny all inbound traffic. This is the desired policy, and I'd strongly recommend that you stick with it.

You mentioned a future requirement for remote desktop connections. If you do expose a remote management port, you should ensure that it's using a strongly encrypted connection or is tunneled through a virtual private network (VPN). If at all possible, you should also limit access to specific IP addresses, ones from which you expect inbound connections.

This was last published in September 2006

Dig Deeper on VPN security

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.