Ports

Port 5432: PostgreSQL

Default PostgreSQL listener. Often protected behind app tiers and private networks.

Where you will see it: In scans, firewall rules, vulnerability reports, and service configs. Treat open ports as exposure points and verify the service is expected, hardened, and restricted.

What it is

TCP port 5432 is the default port for PostgreSQL. A port is a transport-layer number used together with an IP address and a protocol such as TCP or UDP to direct traffic to the correct service on a host. A server process binds a socket to a port and listens, while a client typically chooses an ephemeral source port for outbound connections.

The combination of source and destination IP addresses, source and destination ports, and the transport protocol uniquely identifies a flow so the operating system can keep many conversations separate. Firewalls, NAT, and scanners talk about ports because the destination port is the stable rendezvous point that exposes a service to the network.

The Postgres server listens on 5432 and clients connect from ephemeral source ports. The flow is: TCP handshake, protocol and parameter negotiation, authentication, then SQL queries and result sets over the established session.

As with other databases, applications often use connection pools and long-lived sessions, which can hide the true number of user actions behind a small set of connections. From a security standpoint, 5432 is a direct path to data.

Exposing it too broadly enables brute-force and credential-reuse attacks, and data exfiltration if application roles are over-privileged. Network segmentation plus least-privilege roles and monitoring are the practical controls.

How it works in broad strokes

  1. Client connects and negotiates protocol version and session settings.
  2. Client authenticates, then sends queries and receives results.
  3. Applications frequently reuse pooled connections, so a single app node can make many requests quickly.

Concrete example

A CI pipeline runs migrations against Postgres on 5432. If that port is reachable from developer laptops, a compromised laptop could attempt the same credentials, so access should be restricted to the CI runner network.

Why it matters

PostgreSQL often holds business-critical data. Exposing 5432 broadly can allow credential attacks and data exfiltration. Many incidents start with a single compromised host that can reach the database tier, so segmentation and least privilege are crucial.

Security angle

  • Restrict network access and enforce least-privilege roles.
  • Enable TLS and patch regularly, including extensions.
  • Monitor for unusual login attempts and large data exports.

Common pitfalls

  • Exposing 5432 to the internet or user networks.
  • Running with superuser-level credentials in applications.
  • Ignoring TLS and role-based permissions when traffic crosses shared networks.
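
The controls and pitfalls above can be checked in PostgreSQL's client authentication file, pg_hba.conf, which decides which source addresses may reach the listener on 5432 and how they must authenticate. The following is an added example, not part of the original page: a small audit that flags broad source ranges, weak authentication methods, and rules that do not require TLS. The sample file, its subnets and role names are constructed, the /20 threshold is an assumed policy, and the parser assumes unquoted fields.

```python
import ipaddress

# Constructed sample pg_hba.conf for illustration; subnets and role names are made up.
SAMPLE_HBA = """\
# TYPE   DATABASE  USER      ADDRESS          METHOD
local    all       postgres                   peer
host     all       all       0.0.0.0/0        md5
hostssl  appdb     app_rw    10.20.0.0/24     scram-sha-256
host     appdb     ci_migr   10.30.5.0/28     scram-sha-256
host     all       all       192.168.0.0/16   trust
hostssl  all       all       ::/0             scram-sha-256
"""

WEAK_METHODS = {"trust", "password", "md5"}  # no auth, cleartext password, legacy hash
MAX_ADDRESSES = 4096  # assumed policy: a source range wider than a /20 counts as broad


def audit_hba(text):
    """Return (line_number, issue) pairs for TCP rules that widen exposure of 5432."""
    findings = []
    for number, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 5 or not fields[0].startswith("host"):
            continue  # blank line, comment, or local (Unix socket) rule
        conn_type, address = fields[0], fields[3]
        try:
            if "/" in address:  # CIDR form
                net, method = ipaddress.ip_network(address, strict=False), fields[4]
            else:  # "address netmask" form spreads over two columns
                net = ipaddress.ip_network(f"{address}/{fields[4]}", strict=False)
                method = fields[5]
        except (ValueError, IndexError):
            net, method = None, fields[4]  # keyword (all, samenet) or hostname
        if method == "reject":
            continue  # deny rules do not grant access
        if address == "all" or (net is not None and net.num_addresses > MAX_ADDRESSES):
            findings.append((number, "broad-source"))
        if method in WEAK_METHODS:
            findings.append((number, f"weak-auth:{method}"))
        if conn_type in ("host", "hostnossl"):  # "host" also matches non-TLS clients
            findings.append((number, "tls-not-required"))
    return findings


if __name__ == "__main__":
    for number, issue in audit_hba(SAMPLE_HBA):
        print(f"pg_hba.conf line {number}: {issue}")
```

A clean result here covers only the PostgreSQL side; firewall rules and the server's listen_addresses setting still determine whether 5432 is reachable at all.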