Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.
Training Camp • Cybersecurity Glossary
A network port intentionally closed by a firewall or ACL to deny traffic on that service, shrinking the attack surface of exposed systems.
Blocked Port Definition: A network port intentionally closed by a firewall or ACL to deny traffic on that service, shrinking the attack surface of exposed systems.
A blocked port is a network port that has been intentionally restricted so that traffic to or from it is denied. By closing ports that correspond to unneeded or risky services, administrators prevent communication over those pathways, reducing the attack surface and stopping unauthorized access to potentially vulnerable services.
Ports are blocked using firewall rules, router or switch access control lists (ACLs), host-based firewalls, and security group policies that drop or reject packets matching a given protocol and port number. A blocked port can either silently drop traffic (appearing "filtered" to a scanner) or actively reject it with a reset or ICMP unreachable. This differs from a simply closed port, which has no listening service but is not necessarily filtered; a blocked port is enforced by policy regardless of whether a service is running behind it.
For security, port blocking is a foundational control implementing default-deny and least-functionality principles. Common targets include high-risk management ports such as Telnet (23), SMB (445), and RDP (3389) at the network perimeter, which are frequently scanned and exploited by worms and ransomware. Blocking unused ports limits lateral movement, prevents exploitation of forgotten services, and is required by hardening standards like the CIS Benchmarks. Misconfigured blocking can also cause outages, so changes are managed carefully.
For example, after a ransomware campaign that spread via exposed RDP, a security team blocks inbound TCP 3389 at the perimeter firewall and on host firewalls, allowing remote access only through a VPN with multi-factor authentication. A subsequent internet scan of the organization's address space shows port 3389 as filtered rather than open, confirming that automated attackers probing for exposed RDP can no longer reach the service and the exposure has been eliminated.
Turn knowledge into credentials with our instructor-led cybersecurity boot camps.
View All Courses →