Cisco Support Community

New Member

Seeking your opinion

We have a web server sitting in the DMZ. Port 80 is open through the external PIX, allowing traffic to it. It's running IIS 5.0.

I have a developer who has placed several other web sites on it, but has set the site to respond to port 85 or 86 or 87, etc.

He has requested that I open up ports 85, 86, 87, etc. to the web server so clients can see the web pages.

I have said no and that IIS can redirect the traffic if you set them up as virtual web sites, like all the other web servers in the world, and then we only need port 80 open.

His argument is that since all the traffic is still going to the web service that it does not increase our security risk.

While that may be true, I do not see a reason to open it up and recreate the wheel if we don't have to.

Any thoughts?

Thanks

2 REPLIES
New Member

Re: Seeking your opinion

As an alternative, you can use port redirection on the PIX.

New Member

Re: Seeking your opinion

I don't see any reason why you can't open the ports. The only thing I would be concerned about is the fact that this is a 'developer'. By which I mean, how do you know the web apps he created are secure? Besides that, I would open the ports for him/her.
