---
title: "NeedPorts Security Model: Public Ports, Tunnels, Encryption, and Safe Exposure"
description: "Understand what NeedPorts exposes, how the outbound tunnel works, what metadata is needed to operate the service, and how to safely publish SSH, APIs, dashboards, and Docker apps."
image: "https://needports.com/og-image.svg"
canonical: "https://needports.com/security.html"
html: "https://needports.com/security.html"
---
# NeedPorts security model


Understand what NeedPorts exposes, how the outbound tunnel works, what metadata is needed to operate the service, and how to safely publish SSH, APIs, dashboards, and Docker apps.


## Core model


NeedPorts provides public reachability through an outbound tunnel. You choose which local services and local ports are forwarded to your assigned public endpoint. NeedPorts does not automatically expose your LAN, Docker network, or services you did not configure.


## What NeedPorts can see


- Assigned endpoint and public port routing.
- Tunnel health, heartbeats, bandwidth, and operational events.
- Connection metadata needed for reliability, support, billing, and abuse handling.


## What remains encrypted


Protocols such as SSH and HTTPS remain encrypted at the protocol/application layer between the connecting client and your service. NeedPorts can route the connection, but it does not need your SSH private keys or application passwords.


## Safe exposure checklist


- Use SSH keys for SSH and avoid password-exposed root login.
- Put authentication on dashboards and APIs.
- Use HTTPS/TLS for sensitive HTTP services.
- Expose one service at a time and test from another network.
- Keep a private fallback path for critical administration.

```json
{
  "@context": "https://schema.org",
  "@graph": [
    {
      "@type": "Organization",
      "@id": "https://needports.com/#organization",
      "name": "NeedPorts",
      "url": "https://needports.com/"
    },
    {
      "@type": "BreadcrumbList",
      "itemListElement": [
        {
          "@type": "ListItem",
          "position": 1,
          "name": "Home",
          "item": "https://needports.com/"
        },
        {
          "@type": "ListItem",
          "position": 2,
          "name": "Guides",
          "item": "https://needports.com/guides.html"
        },
        {
          "@type": "ListItem",
          "position": 3,
          "name": "NeedPorts Security Model: Public Ports, Tunnels, Encryption, and Safe Exposure",
          "item": "https://needports.com/security.html"
        }
      ]
    },
    {
      "@type": "Article",
      "headline": "NeedPorts Security Model: Public Ports, Tunnels, Encryption, and Safe Exposure",
      "description": "Understand the NeedPorts security model: what is exposed, how tunnels work, what NeedPorts can see, and how to safely publish SSH, APIs, and dashboards.",
      "mainEntityOfPage": "https://needports.com/security.html",
      "author": {
        "@id": "https://needports.com/#organization"
      },
      "publisher": {
        "@id": "https://needports.com/#organization"
      }
    }
  ]
}
```