cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
233
Views
0
Helpful
1
Replies

Need your thoughts

michael.steiner
Level 1
Level 1

We have a web server sitting in the DMZ. Port 80 is open thru the external pix allowing traffic to it. Its running IIS 5.0.

I have a developer who has placed several other web sites on it, but has set the site to respond to port 85 or 86 or 87, etc.

He has requested that I open up ports 85, 86, 87, etc. to the web server so clients can see the web pages.

I have said no and that IIS can redirect the traffic if you set them up as virtual web sites, like all the other web servers in the world and then we only need port 80 open.

His argument is that since all the traffic is still going to the web service that it does not increase our security risk.

While that may be true I do not see a reason to open it up and recreate the wheel if we don't have to.

Any thoughts?

Thanks

1 Reply 1

cgregg
Level 1
Level 1

I agree with you about the virtual web sites, however you could also look at it this way. Mostly all attacks are done on ports that are well known and that are default, like 80, 21, 23, 53 etc... and changing them would put more work on the hackers.

I would love to stagger all my ports to anything other than the default, but at the same time, this would cause me alot more work, having to deal with everyone else and modifying their applications default settings.

But again I would still have to open those ports to the servers in the DMZ defeating the purpose of changing ports.

So why bother, just leave the defaults.

Just my thoughts,

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: