Hershel,
You normally do not want to open up the system remotely for Web or SSH and leave it open all the time. That being said you can shut down those services and also change those two ports as well if you don't want them to be standard ports; hint hint.
System > IP Settings > WEB/SSH Settings
As for the SAaD programming the two ports still exist and can also be changed as well.
System > IP Settings > Listening Port (Secured) 44000 and (Unsecured) 4000
There is also some security measures you can utilize to lock down(out) threats from accessing the 5000 as well, but that is a little more advanced and normally only needed if a system is being attacked. This is how we secure the system against attacks on port 5060 so that the phones still work, but only from known locations and everything else is ignored/blocked.
Thanks,
TE