Cisco Support Community
Community Member

Forcing IANA compliance?

We are trying to locate any information which would support an organization requiring applications integrated into their infrastructure through third parties to NOT use port numbers in the IANA registered space, if they are NOT registered to that application. We've been denying requests by unregistered applications/ports that aren't operated in the Dynamic and/or Private Port range. We have been receiving increasing backpush from management and our business units when we require they reconfigure their applications to use something in the range of 49152 through 65535.

RE: http://www.iana.org/assignments/port-numbers

Does anyone know of documentation along the lines of best practices, etc. as to why an Information Security department would want to stick to their guns regarding this port designation policy? Is this even a concern to an infrastructure? (i.e., are we off our rockers?) Our fundamental purpose is to document and understand port usage across the infrastructure and to support a consistency model. We've had some vendors who want to use registered ports that are either registered to some other application and/or not registered, and have been unwilling to change.

I welcome any thoughts on this matter.

1 REPLY
Community Member

Re: Forcing IANA compliance?

Don't really know of any documents covering this. The main reason for applications to follow certain port numbers is so that companies can filter out unwanted applications that might come from the Internet, such as Napster, AOL Instant Messenger, etc. The problem with people assigning IANA ports to their applications is that your company might actually need the real application that is registered with IANA but not the application that is using the IANA port.
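
The port policy described in the question, written as a request check; this is an added example, not part of the original thread. The registry excerpt is constructed in the column layout of the IANA CSV export, and `load_registry`, `review_request` and the `vendor-app` name are hypothetical.

```python
import csv
import io

# Constructed excerpt, laid out like the IANA service-names-port-numbers CSV.
REGISTRY_CSV = """Service Name,Port Number,Transport Protocol,Description
ssh,22,tcp,The Secure Shell (SSH) Protocol
https,443,tcp,http protocol over TLS/SSL
ms-sql-s,1433,tcp,Microsoft-SQL-Server
x11,6000-6063,tcp,X Window System
"""

DYNAMIC = range(49152, 65536)  # Dynamic and/or Private Ports, per the question


def load_registry(text):
    """Map (port, protocol) -> set of registered service names."""
    reg = {}
    for row in csv.DictReader(io.StringIO(text)):
        if not row["Port Number"] or not row["Service Name"]:
            continue  # skip unassigned or reserved rows
        # The registry lists some assignments as ranges, e.g. 6000-6063.
        lo, _, hi = row["Port Number"].partition("-")
        key_proto = row["Transport Protocol"].lower()
        for port in range(int(lo), int(hi or lo) + 1):
            reg.setdefault((port, key_proto), set()).add(row["Service Name"].lower())
    return reg


def review_request(reg, app_service, port, proto):
    """Return (decision, reason) for an application asking to use port/proto."""
    if not 0 <= port <= 65535:
        return ("deny", "not a valid port")
    if port in DYNAMIC:
        return ("allow", "dynamic/private range")
    owners = reg.get((port, proto.lower()))
    if owners is None:
        return ("deny", "below 49152 and not registered")
    if app_service.lower() in owners:
        return ("allow", "registered to this application")
    return ("deny", "registered to " + ", ".join(sorted(owners)))


if __name__ == "__main__":
    reg = load_registry(REGISTRY_CSV)
    for req in [("vendor-app", 1433, "tcp"), ("ms-sql-s", 1433, "tcp"),
                ("vendor-app", 6010, "tcp"), ("vendor-app", 50000, "tcp")]:
        print(req, "->", review_request(reg, *req))
```

"Not registered" here is relative to the constructed excerpt; a real deployment would load the full registry file from the URL given in the question.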
