Cisco Support Community

New Member

Need your thoughts

We have a web server sitting in the DMZ. Port 80 is open through the external PIX allowing traffic to it. It's running IIS 5.0.

I have a developer who has placed several other web sites on it, but has set the site to respond to port 85 or 86 or 87, etc.

He has requested that I open up ports 85, 86, 87, etc. to the web server so clients can see the web pages.

I have said no and that IIS can redirect the traffic if you set them up as virtual web sites, like all the other web servers in the world and then we only need port 80 open.

His argument is that since all the traffic is still going to the web service that it does not increase our security risk.

While that may be true, I do not see a reason to open it up and recreate the wheel if we don't have to.

Any thoughts?
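The virtual-web-site approach mentioned in the post above, sketched as an added example (not part of the original thread, and not IIS code): several sites share one listening port and are told apart by the HTTP `Host` header, so the firewall only needs port 80 open. The host names and site roots are constructed placeholders.

```python
# Added example: name-based virtual hosting on a single listening port.
# Host names and site roots are constructed placeholders (assumptions).
SITES = {
    "www.example.com": "/sites/main",
    "app1.example.com": "/sites/app1",
    "app2.example.com": "/sites/app2",
}


def parse_host(raw_request: bytes):
    """Return the normalized host name from an HTTP request, or None."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    header_lines = head.split("\r\n")[1:]  # skip the request line
    hosts = [line.split(":", 1)[1].strip()
             for line in header_lines
             if line.lower().startswith("host:")]
    # A missing, empty or duplicated Host header is ambiguous: refuse it.
    if len(hosts) != 1 or not hosts[0]:
        return None
    # Host names are case-insensitive; drop an optional ":port" suffix
    # and a trailing dot before the lookup.
    return hosts[0].lower().partition(":")[0].rstrip(".")


def route(raw_request: bytes):
    """Map a request to (status, site_root); unknown names are denied."""
    host = parse_host(raw_request)
    if host is None:
        return 400, None
    root = SITES.get(host)
    if root is None:
        return 404, None  # default-deny: no catch-all site
    return 200, root


if __name__ == "__main__":
    # Constructed sample requests, all arriving on the same port.
    samples = [
        b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
        b"GET / HTTP/1.1\r\nHost: App1.Example.com:80\r\n\r\n",
        b"GET / HTTP/1.1\r\nHost: unknown.example.net\r\n\r\n",
        b"GET / HTTP/1.0\r\n\r\n",
    ]
    for request in samples:
        print(request.split(b"\r\n")[1:2], "->", route(request))
```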


New Member

Re: Need your thoughts

I agree with you about the virtual web sites; however, you could also look at it this way. Mostly all attacks are done on ports that are well known and that are default, like 80, 21, 23, 53 etc... and changing them would put more work on the hackers.

I would love to stagger all my ports to anything other than the default, but at the same time, this would cause me a lot more work, having to deal with everyone else and modifying their applications' default settings.

But again I would still have to open those ports to the servers in the DMZ, defeating the purpose of changing ports.

So why bother, just leave the defaults.

Just my thoughts,