We are trying to locate any information which would support an organization requiring applications integrated into their infrastructure through third parties to NOT use port numbers in the IANA registered space, if they are NOT registered to that application. We've been denying requests by unregistered applications/ports that aren't operated in the Dynamic and/or Private Port range. We have been receiving increasing backpush from management and our business units when we require they reconfigure their applications to use something in the range of 49152 through 65535.
Does anyone know of documentation along the lines of best practices, etc. as to why an Information Security department would want to stick to their guns regarding this port designation policy? Is this even a concern to an infrastructure? (i.e., are we off our rockers?) Our fundamental purpose is to document and understand port usage across the infrastructure and to support a consistency model. We've had some vendors who want to use registered ports that are either registered to some other application and/or not registered, and have been unwilling to change.
Don't really know of any documents covering this. The main reason for applications to follow certain port numbers is so that companies can filter out unwanted applications that might come from the Internet, such as Napster, AOL Instant Messenger, etc. The problem with people assigning IANA ports to their applications is that your company might actually need the real application that is registered with IANA but not the application that is using the IANA port.