We have a web server sitting in the DMZ. Port 80 is open thru the external pix allowing traffic to it. Its running IIS 5.0.
I have a developer who has placed several other web sites on it, but has set the site to respond to port 85 or 86 or 87, etc.
He has requested that I open up ports 85, 86, 87, etc. to the web server so clients can see the web pages.
I have said no and that IIS can redirect the traffic if you set them up as virtual web sites, like all the other web servers in the world and then we only need port 80 open.
His argument is that since all the traffic is still going to the web service that it does not increase our security risk.
While that may be true I do not see a reason to open it up and recreate the wheel if we don't have to.
Any thoughts?
Thanks