Cisco Support Community

Allowing Port 80 from a DMZ server to outside for updates

Today, we have a Web server sitting on a DMZ allowing only 80 and 443 from the outside world. This Web server is not allowed to initiate traffic from the DMZ to the outside world. Is there any risk in allowing port 80 traffic to the outside world from this web server to get updates?

1 REPLY

Re: Allowing Port 80 from a DMZ server to outside for updates

There are always risks when exposing a machine to a network, of course, but the particular risk for you is that it is possible for the machine to download malware and such. If it becomes a zombie it could do bad things in an automated fashion. These are but a couple. If your needs are very vertical and you know you only want the box to fetch updates via HTTP from a few known IP addresses, then it is a simple matter to restrict your host to only get HTTP from those hosts.

HTH

-pls rate if helpful
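
The restriction the reply describes, as an added example that is not part of the original thread: a default-deny egress check that compares a blanket "port 80 to anywhere" rule with an allowlist of update hosts, run over constructed connection records. The addresses, the record format and all function names are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple

# Constructed values (private/documentation ranges); none come from the thread.
DMZ_WEB_SERVER = ipaddress.ip_address("10.10.10.5")
UPDATE_SERVERS = [ipaddress.ip_network(n) for n in ("192.0.2.10/32", "192.0.2.11/32")]

class Flow(NamedTuple):
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    proto: str
    dport: int

def parse_flow(line):
    """Parse a constructed 'src=.. dst=.. proto=.. dport=..' record."""
    f = dict(kv.split("=", 1) for kv in line.split())
    return Flow(ipaddress.ip_address(f["src"]), ipaddress.ip_address(f["dst"]),
                f["proto"].lower(), int(f["dport"]))

def egress_allowed(flow, restrict_destinations=True):
    """Default deny. Permit only TCP/80 initiated by the DMZ web server;
    with restrict_destinations, only to the allowlisted update hosts."""
    if flow.src != DMZ_WEB_SERVER or flow.proto != "tcp" or flow.dport != 80:
        return False
    if not restrict_destinations:
        return True  # the broad "port 80 to anywhere" rule
    return any(flow.dst in net for net in UPDATE_SERVERS)

def denied(lines, restrict_destinations=True):
    """Return the records the policy would block; these are worth alerting on."""
    return [rec for rec in lines
            if not egress_allowed(parse_flow(rec), restrict_destinations)]

SAMPLE_LOG = [  # constructed records
    "src=10.10.10.5 dst=192.0.2.10 proto=tcp dport=80",     # update fetch
    "src=10.10.10.5 dst=198.51.100.77 proto=tcp dport=80",  # HTTP to an unknown host
    "src=10.10.10.5 dst=192.0.2.11 proto=tcp dport=443",    # allowlisted host, other port
    "src=10.10.10.5 dst=203.0.113.9 proto=udp dport=53",    # not HTTP at all
]

if __name__ == "__main__":
    print("broad rule blocks:    ", len(denied(SAMPLE_LOG, False)))
    print("allowlist rule blocks:", len(denied(SAMPLE_LOG, True)))
```

The second record is the difference between the two policies: the broad rule lets it through, while the allowlist blocks it and leaves a deny entry to investigate.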
