In AP Cybersecurity, an open port is a logical port on a device that is actively listening for and accepting incoming network traffic, which makes it a possible doorway into a network that firewalls and access control lists are configured to allow or deny.
A port is a numbered logical channel that lets a device sort network traffic to the right service. An open port is one that's actively listening, meaning a service is running behind it and ready to accept a connection. Think of ports as numbered doors on a building. An open port is an unlocked door someone is standing behind, waiting to let traffic in.
Open ports matter because every open door is a possible way in for an attacker. That's exactly what firewalls manage. A stateless firewall (EK 3.4.A.2) filters traffic based on packet header info like IP addresses, ports, and protocols, so it can block traffic headed for a port you don't want exposed. Network administrators write access control list (ACL) rules (EK 3.4.B.1) that name a direction, a filter criterion like a logical port, and an action to permit or deny. A rule like "Allow inbound TCP port 22 from ALL;" keeps port 22 open for SSH, while a deny rule slams a door shut.
This term lives in Unit 3: Securing Networks, specifically topic 3.4 Protecting Networks: Firewalls. It's the thing firewall rules act on. Learning objective AP Cybersecurity 3.4.B asks you to explain how a firewall uses an ACL to allow or deny traffic, and AP Cybersecurity 3.4.D asks you to configure a firewall to manage traffic flow. Both depend on understanding which ports are open and which should be closed. The illustrative examples in EK 3.4.D.2 are literally port-based rules. If you understand that port 22 is for SSH and port 80 is for HTTP, you can read and write those ACL rules and predict what traffic gets through.
Firewall (Unit 3)
A firewall is the tool that decides whether an open port stays reachable. Open ports are the targets; the firewall is the gatekeeper that allows or denies traffic to them based on ACL rules.
Port and Destination Port (Unit 3)
An open port is just a port that's actively listening. When traffic arrives, the destination port in the packet header tells the firewall where it's headed, and the firewall checks whether that port should be open.
Packet Filtering (Unit 3)
A stateless firewall does packet filtering by reading port numbers in headers. That's how it enforces which ports stay open: it inspects the destination port and matches it against the ACL.
Host-Based Firewall (Unit 3)
A host-based firewall controls open ports on a single device instead of the whole network. It can close ports an individual machine doesn't need, shrinking that machine's exposure even inside a trusted segment.
Expect open ports to show up in firewall and ACL questions. Multiple-choice stems may give you a rule like "Deny inbound TCP port 80 from 192.168.1.0/24;" and ask what traffic it blocks, or hand you a scenario and ask which port to close to stop a specific service. You'll need to connect port numbers to protocols (port 22 to SSH, port 80 to HTTP) and predict the outcome of an ACL rule. No released FRQ has used the phrase "open port" verbatim, but configuring or evaluating firewall rules is exactly the work of AP Cybersecurity 3.4.B and 3.4.D, so be ready to write or read a rule that opens or closes a port for a named service.
An open port is actively listening and will accept a connection; a closed port has no service listening, so connection attempts get refused or dropped. A firewall can also make an open port unreachable by denying traffic to it in the ACL, which is different from the port being closed at the host. Security-wise, fewer open ports means fewer doors an attacker can try.
An open port is a logical port actively listening for and accepting incoming network traffic, which makes it a potential entry point for attackers.
Firewalls control open ports using access control list (ACL) rules that permit or deny traffic by direction, port, IP address, protocol, service, or application.
A stateless firewall can allow or deny traffic to a port just by reading the port number and protocol in the packet header (EK 3.4.A.2).
Common port-to-protocol pairings like port 22 for SSH and port 80 for HTTP let you read and write ACL rules correctly.
ACL rules are checked in order, and the first matching rule decides whether traffic to that port is allowed or denied (EK 3.4.B.2).
An open port is a logical port on a device that is actively listening for incoming connections, meaning a service is running and ready to accept traffic. It matters because every open port is a possible way into a network, which is why firewalls use ACL rules to control them (AP Cybersecurity 3.4.B).
Not automatically, but it is exposure. An open port is only as safe as the service behind it and the firewall rules in front of it. The CED's approach is to give each network segment a firewall (EK 3.4.C.1) and write ACL rules that leave open only the ports you actually need.
An open port has a service listening and will accept connections; a closed port has nothing listening, so connection attempts are refused. A firewall can also block traffic to an open port through an ACL deny rule, which makes the port unreachable even though it's still technically listening.
A firewall uses an access control list rule that names the direction, the port to filter on, and a deny action, like "Deny inbound TCP port 80 from 192.168.1.0/24;". Because rules are checked in order, the first matching rule decides the outcome (EK 3.4.B.2).
Because firewall ACL rules filter by port, and the CED's illustrative examples use port 22 for SSH and port 80 for HTTP. Knowing the port-to-protocol mapping lets you read a rule and predict exactly which traffic it allows or denies (AP Cybersecurity 3.4.D).
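To see first-match ordering in action, here is an added example (not part of the original guide or the CED) that parses rules written like the ones above and evaluates packets against them. The rule grammar, the function names, and the default-deny fallback when no rule matches are assumptions made for illustration.

```python
import ipaddress
import re

# Rule syntax modelled on the page's examples (assumed grammar):
#   <Allow|Deny> <inbound|outbound> <TCP|UDP> port <n> from <ALL|CIDR>;
RULE_RE = re.compile(
    r"^(allow|deny) (inbound|outbound) (tcp|udp) port (\d+) from (\S+);$",
    re.IGNORECASE)

def parse_rule(text):
    """Turn one rule string into a dict; reject anything malformed."""
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognized rule: {text!r}")
    action, direction, proto, port, source = (g.lower() for g in m.groups())
    if not 0 <= int(port) <= 65535:
        raise ValueError(f"port out of range: {port}")
    # "ALL" matches every source; otherwise the source must be a valid network.
    net = None if source == "all" else ipaddress.ip_network(source)
    return {"action": action, "direction": direction, "proto": proto,
            "port": int(port), "source": net}

def evaluate(rules, direction, proto, dst_port, src_ip, default="deny"):
    """Stateless first-match check using header fields only."""
    src = ipaddress.ip_address(src_ip)
    for rule in rules:
        if (rule["direction"] == direction.lower()
                and rule["proto"] == proto.lower()
                and rule["port"] == dst_port
                and (rule["source"] is None or src in rule["source"])):
            return rule["action"]   # first match wins; later rules are ignored
    return default                  # assumed implicit deny when nothing matches

# Constructed rule sets: the same three rules in two different orders.
DENY_FIRST = [parse_rule(r) for r in (
    "Deny inbound TCP port 80 from 192.168.1.0/24;",
    "Allow inbound TCP port 80 from ALL;",
    "Allow inbound TCP port 22 from ALL;")]
ALLOW_FIRST = [DENY_FIRST[1], DENY_FIRST[0], DENY_FIRST[2]]

if __name__ == "__main__":
    for name, acl in (("deny first", DENY_FIRST), ("allow first", ALLOW_FIRST)):
        print(name, "->", evaluate(acl, "inbound", "tcp", 80, "192.168.1.50"))
```

With the broad allow rule listed first, the deny rule for 192.168.1.0/24 is never reached, so the same packet gets the opposite result.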