I cant find the article, As far as I recall a default instance does not support dynamic ports, it is possible to use a static port other than 1433 but there is an amount of configuration required. This link, though a little old, details port requirements.

https://support.microsoft.com/en-us/kb/823938

As I said, it's more important to secure the server so that even if connection attempts are made that they are met with the appropriate security checks from the server. Connecting to instance FRED when SQL Server authentication is enabled with the SA password set to "Smith" is going to cause issues whatever port you listen on!

Having the NTFS file system unsecured will further allow prying eyes to read log files and find port numbers in use too.

Remember, 70% of your attacks will likely come from within your network, just my 2 cents worth