Step one - close all the ports you do not have an explicit business need for!
All open ports add potential insecurity - a closed port is a safe port.
If you don't know why a port is open, I would be worried - find out what service is running on it. If there is no business need, shut it down! If you can't find out what service it is, shut it down!
There are lists of the most common services that run on particular ports, but really, anything can run on any port (pretty much), so you need to have a register detailing the port, the service, the business reason/function, the owner, and the date it was implemented.
If you can't shut down services, use a firewall to explicitly block access to all but the services you do need.
Once you have done that, make sure that all your services are patched. One of the biggest sources of vulnerabilities is unpatched services/applications. Get yourself up to date now!
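An added example, not part of the original answer: one way to check a host against the port register described above. It compares listening sockets from `ss -H -tuln` with a register kept as CSV. The sample `ss` output, the register rows and the CSV column names are constructed assumptions.

```python
import csv
import io

# Constructed sample of `ss -H -tuln` output (listening TCP/UDP sockets, no header).
SS_OUTPUT = """\
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      511          0.0.0.0:443       0.0.0.0:*
tcp   LISTEN 0      128             [::]:22           [::]:*
udp   UNCONN 0      0            0.0.0.0:161       0.0.0.0:*
tcp   LISTEN 0      100          0.0.0.0:8081      0.0.0.0:*
"""

# Constructed register; column names are assumptions based on the fields listed above.
REGISTER_CSV = """\
proto,port,service,business_reason,owner,implemented
tcp,22,sshd,remote administration,ops-team,2021-03-01
tcp,443,nginx,public web site,web-team,2020-11-15
udp,161,snmpd,,,
tcp,25,postfix,outbound mail relay,mail-team,2019-06-30
"""

REQUIRED = ("service", "business_reason", "owner", "implemented")

def listening_ports(ss_text):
    """Return the set of (proto, port) pairs found in `ss -H -tuln` output."""
    found = set()
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # skip blank or malformed lines
        port = fields[4].rsplit(":", 1)[1]  # works for 0.0.0.0:22 and [::]:22
        found.add((fields[0], int(port)))
    return found

def audit(ss_text, register_text):
    """Compare open ports with the register; return sorted findings by category."""
    rows = {(r["proto"], int(r["port"])): r
            for r in csv.DictReader(io.StringIO(register_text))}
    open_ports, registered = listening_ports(ss_text), set(rows)
    return {
        "unregistered": sorted(open_ports - registered),   # open, no recorded reason
        "incomplete": sorted(k for k, r in rows.items()    # entry missing a field
                             if any(not r[f].strip() for f in REQUIRED)),
        "not_listening": sorted(registered - open_ports),  # stale register entry
    }

if __name__ == "__main__":
    for finding, ports in audit(SS_OUTPUT, REGISTER_CSV).items():
        print(finding, ports)
```

On a real host, replace `SS_OUTPUT` with the captured output of `ss -H -tuln` and `REGISTER_CSV` with the contents of your own register file.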