[wepple]

Other people have given good, specific answers. Let me generalize from a security perspective:

Having a port listening on the internet means you've exposed (usually) tens or hundreds of thousands of lines of code to anyone with an internet connection. One vulnerable line of code or mis-configuration could be an entry point into your network for an attacker.

The key then, is deciding what absolutely needs to be exposed. If you run a website, you're going to need to expose your web server to the internet. Need access for remote workers? You'll open up a VPN. There are a bunch of things that generally have no place being exposed to the internet: SNMP, SMB, afp, RDP, Telnet, Any admin console, etc.