The term ‘firewall’ conjures up dramatic imagery – but the reality is not quite so cinematic. However, the name does give you a clue about the purpose of this network security tool.
A firewall is a barrier between your network and the open internet. It monitors and controls incoming and outgoing traffic, using virtual ‘ports’ to distinguish between different types of data as it moves between networks. Firewalls are crucial tools for schools and kura that want internet access, as they help reduce the risk.
Here’s what you need to know:
Understanding firewalls and ports
A firewall is a security system set up to assess and manage traffic to and from your network. ‘Traffic’ is any data that goes in or out while you’re using the internet – for example, viewing a webpage, uploading a photo, or sending an email.


When your school or kura agreed to N4L’s services, firewall rules were set to determine the type of traffic allowed in or out of your network. This is where ports come in. A port is a digital checkpoint that helps funnel data between networks. Each one handles a different data-sharing process. For example, emails go through a different port from webpage data, even though both services use the same internet connection. Essentially, ports allow your network to differentiate between types of traffic as they move in and out of your network.
These could include your school web server, Student Management System (SMS) or a security camera feed. If these services live on your school premises, your N4L firewall may need to be configured to allow access through a port or ports. Each port will be mapped to the corresponding server that provides that function. And servers aren’t just part of your IT system – nowadays lots of everyday tech items have built-in servers, such as CCTV cameras, smart TVs and even air-con systems.
While these firewall configurations are crucial, it’s important to recognise that every port exposed to the internet represents a new pathway that could be used to access your school network, so it’s best practice to minimise the number of ports left open – we talk more about this in a recent blog. Hackers may not even need a username and password to gain access to the server; sometimes just having the port open is enough to give them a way in.
As always, it’s about doing everything you can to protect your school or kura from high-risk data sharing that could expose your network to data breaches or unauthorised access.
Using ports to manage network traffic
Ports are a standardised network tool that can be used by any connected device. Each port has a number and a type of communication associated with it. For example, File Transfer Protocol (FTP) messages typically go through Port 21. This makes it easy for your firewall technology to identify and block certain types of traffic before they reach your network.
By changing settings in your firewall system, you can block – or unblock – certain types of online traffic that represent a higher level of risk to your network.
While you can manage your own firewall settings, N4L and other security experts recommend blocking five high-risk ports as standard – here’s why:
Port 3389 – Remote Desktop (RDP)
The ‘remote desktop protocol’ allows remote access and management of Windows servers, which means it has the potential to be used by would-be hackers. However, this protocol also lets staff and students work from home – a useful function for many schools and kura. If you leave this port open to allow remote access, it’s vital to use strong passwords, two-factor authentication and other security settings to reduce the risk to your network.
Port 5900 – VNC Remote Desktop
Another remote access protocol, Virtual Network Computing (VNC), can be used to access and control Apple and Linux-based servers. This port is best blocked in the majority of cases.
Port 21 – File Transfer Protocol (FTP)
FTP is used to upload large volumes of content to websites. While it’s a useful tool if you’re a web developer, it’s risky in schools and kura as it can expose usernames, passwords and other sensitive information to online attackers. If you need to upload large files, it’s generally safer to use SFTP, which encrypts your data before sharing it online.
Port 22 – Secure Shell (SSH)
The SSH protocol lets IT teams manage systems and network equipment remotely. While it was a useful tool in the past, it’s no longer considered best practice as it could compromise your network. If your team needs this functionality, you can restrict it to specific IP addresses to reduce the risk.
Port 23 – Telnet
This protocol has existed since the dark ages of the internet and is now used to give IT or tech teams remote access to legacy network equipment. For example, an IT team might use it to remotely reset your on-premise server. However, like FTP, Telnet doesn’t use encryption to protect your data, making it a risk to your network.
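One way to check a firewall's inbound allow rules against the five ports above, as an added example that is not N4L's tooling or part of the original post. The rule format, rule names and addresses are constructed for illustration, and RDP is listed at its standard port, 3389.

```python
import ipaddress

# Ports the article recommends blocking: port -> (service, sends data unencrypted?)
HIGH_RISK = {21: ("FTP", True), 22: ("SSH", False), 23: ("Telnet", True),
             3389: ("RDP", False), 5900: ("VNC", False)}

# Constructed inbound allow rules in a hypothetical export format.
SAMPLE_RULES = [
    {"name": "school-website",  "ports": "443",       "source": "0.0.0.0/0"},
    {"name": "it-provider-ssh", "ports": "22",        "source": "203.0.113.10/32"},
    {"name": "legacy-switch",   "ports": "20-25",     "source": "0.0.0.0/0"},
    {"name": "staff-remote",    "ports": "3389",      "source": "0.0.0.0/0"},
    {"name": "cctv-vendor",     "ports": "5900-5901", "source": "198.51.100.0/24"},
]


def parse_ports(spec):
    """Turn '443' or '20-25' into an inclusive range of port numbers."""
    low, _, high = spec.partition("-")
    low, high = int(low), int(high or low)
    if not (0 < low <= high <= 65535):
        raise ValueError(f"bad port spec: {spec!r}")
    return range(low, high + 1)


def audit(rules):
    """Return one finding per high-risk port that an allow rule exposes."""
    findings = []
    for rule in rules:
        ports = parse_ports(rule["ports"])  # a range can hide a risky port
        source = ipaddress.ip_network(rule["source"], strict=False)
        for port, (service, cleartext) in sorted(HIGH_RISK.items()):
            if port not in ports:
                continue
            if source.prefixlen == 0:       # 0.0.0.0/0 or ::/0
                status = "open to any address"
            elif cleartext:                 # FTP and Telnet do not encrypt
                status = "restricted, but unencrypted"
            else:
                status = "restricted to " + str(source)
            findings.append((rule["name"], port, service, status))
    return findings


if __name__ == "__main__":
    for name, port, service, status in audit(SAMPLE_RULES):
        print(f"{name:16} {port:>5} {service:7} {status}")
```

The "legacy-switch" rule shows why ranges matter: a single 20-25 rule exposes FTP, SSH and Telnet at once.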
Making firewalls work for you
A firewall is the first layer of protection in your network security armour – along with tools like web filtering, DDoS Protection and DNS Threat Protection.
By assessing and blocking network traffic at the source, a firewall can significantly reduce the risk of exposing sensitive data or opening your network up to cyber-criminals. With N4L, you get firewall protection that you can manage and tweak to fit your school or kura. We work with you to put settings in place, then help you track and monitor your firewall to ensure the protection keeps up with changing risks. Our security team uses the National Cyber Security Centre’s advisories to monitor emerging cyber threats – and we’ll let you know if a port needs to be blocked due to a security risk.
As always, it’s about finding a balance between accessibility and risk that works for your school or kura. It’s up to you and your school leadership team or trusted IT provider to decide the firewall settings best suited for the needs of your school. And it’s always important to remember that no tech solution can provide 100% guaranteed protection from online threats. Our Customer Support team is only ever a phone call (or email) away if you’d like to discuss your firewall settings – either call 0800 LEARNING (532 764) or email [email protected].