A reader of our blog asked: “A friend of mine who was a system administrator told me a few years ago that Windows has a good remote maintenance capability in its philosophy and that therefore all possible ports are open by default. Is it still like that?”

This cannot be answered with a short yes or no. However, our experience shows:
Windows computers, whether client or server, tend to have more ports open than the corresponding Linux devices. The
University of Rostock has compiled a list of the ports that are open on Windows by default.
https://www.itmz.uni-rostock.de/lösungen/software/windows/sicherheit/grundlagen/offene-ports-einer-standard-windows-installation/

Microsoft has compiled an overview of which ports are used by which services.
https://support.microsoft.com/de-de/help/832017/service-overview-and-network-port-requirements-for-windows

On Linux computers, port 22 is typically open for remote maintenance via SSH. The Ubuntu developers initially tried to deliver their Linux distribution without any open ports, but found that this was not possible without reducing usability too much.
https://wiki.ubuntu.com/DefaultNetworkServices

Microsoft, on the other hand, traditionally focuses on user friendliness and accepts security problems (such as open ports). That said, Microsoft systems have become increasingly secure in recent years, while on Linux the strict security precautions have been partially undermined (e.g. by the softened permission system in Ubuntu).

Basically, the following applies: On a thoroughly and neatly configured PC or server, only the ports that are really needed are open. In practice, however, many devices (whether PC, smartphone, embedded or server) are not administered so carefully that this is really guaranteed. This applies to every operating system.

Ultimately, there is no way around it: You have to thoroughly investigate which ports are open in your own network. Depending on the result of this analysis, unneeded services are then shut down, the reachable services are restricted with a firewall, VPN tunnels are set up, and so on.
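
One way to carry out this investigation on a single host, as an added example that is not part of the original post: the script parses the output of `ss -tulnH` (Linux) or `netstat -ano` (Windows) and reports every listener reachable from the network that is not on an allowlist. The sample output, the allowlists and the function names are constructed for illustration, and English-language tool output is assumed.

```python
import ipaddress

# Constructed sample output (not captured from a real host); English-language tools assumed.
SS_SAMPLE = """\
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      4096   127.0.0.53%lo:53         0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:5353       0.0.0.0:*
tcp   LISTEN 0      128             [::]:22            [::]:*
"""
NETSTAT_SAMPLE = """\
  Proto  Local Address        Foreign Address    State           PID
  TCP    0.0.0.0:135          0.0.0.0:0          LISTENING       1052
  TCP    0.0.0.0:445          0.0.0.0:0          LISTENING       4
  TCP    127.0.0.1:5354       0.0.0.0:0          LISTENING       3020
  TCP    192.168.1.10:49712   203.0.113.5:443    ESTABLISHED     1234
  UDP    0.0.0.0:5353         *:*                                1876
"""

def parse_listeners(text):
    """Yield (proto, address, port) for each listening socket in either format."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0].lower() not in ("tcp", "udp"):
            continue                                  # header or unrelated line
        proto = f[0].lower()
        if f[1] in ("LISTEN", "UNCONN") and len(f) >= 5:
            local = f[4]                              # ss: Netid State Recv-Q Send-Q Local Peer
        elif f[0].isupper() and (proto == "udp" or f[3] == "LISTENING"):
            local = f[1]                              # netstat: Proto Local Foreign [State] PID
        else:
            continue                                  # established or other non-listening socket
        addr, _, port = local.rpartition(":")
        # Drop IPv6 brackets and any interface scope such as %lo
        yield proto, addr.strip("[]").split("%")[0], int(port)

def unexpected_listeners(text, allowed):
    """Return sorted (proto, port, address) reachable from the network but not in `allowed`."""
    findings = set()
    for proto, addr, port in parse_listeners(text):
        loopback = addr != "*" and ipaddress.ip_address(addr).is_loopback
        if not loopback and (proto, port) not in allowed:
            findings.add((proto, port, addr))
    return sorted(findings)

if __name__ == "__main__":
    print(unexpected_listeners(SS_SAMPLE, {("tcp", 22)}))
    print(unexpected_listeners(NETSTAT_SAMPLE, {("tcp", 445)}))
```

To audit a real host, pass the captured command output as `text` and the (protocol, port) pairs that are really needed as `allowed`; every entry returned is a candidate for shutting down or firewalling.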

If you need support with such measures, get in touch!