Re: [fw-wiz] trusted & untrusted ports

From: Tobias Reckhard (jester71_at_gmx.net)
Date: 11/11/03

  • Next message: Robert Fenerty: "[fw-wiz] VPNs through Comcast"
    To: firewall-wizards@honor.icsalabs.com
    Date: Tue, 11 Nov 2003 09:30:11 +0100
    
    

    Hilal Hussein wrote:
    > Q1 - How to identify trusted vs untrusted ports? Sometimes, users
    > working within our network will ask to open certain ports in the
    > firewall in order to allow communication to a certain application
    > outside the corporate network. From a security perspective, based on what
    > evaluation should I accept or reject opening the requested port(s)?
    > Maybe it is known to be used by hackers or viruses as a threat.

    A port is nothing but a 16-bit integer, nothing more, nothing less. A
    port itself has no security characteristics at all. It is the
    applications on either end of the TCP/IP communication which you can
    evaluate regarding their security, as well as the characteristics of the
    communications path and protocol.

    But since you're asking specifically, _any_ port can be used for either
    form of purpose: legitimate or malicious. Of course, there are ports
    that some known malware defaults to using and you should be suspicious
    if someone wants port 37337 opened. However, port 80 has exactly the
    same potential.

    In the ideal world, you'd channel everything across application layer
    gateways that really knew what is OK and what isn't. But even without
    that, what you need to answer your real question is a security policy.
    That should state the security posture of your organisation and allow
    you to decide now and in the future how to deal with new communication
    requests.

    > Q2 - Reading some technical documents about accessing applications over
    > the net, I noticed that sometimes the connection is not a client/server
    > technique; it could be through the HTTP port. In other words, there is no need to
    > open a specific port in order to be able to access the net application
    > from within our corporate network, since it is using the HTTP port.

    Just because they're tunneling over/through HTTP, that doesn't change
    the fact that it still uses the client-server model. Actually, the trend
    of tunneling stuff through HTTP to cross firewalls isn't regarded as
    being entirely helpful by the security community.

    Cheers,
    Tobias

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
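One way to make Tobias's two points concrete, as an added example that is not part of his message or anything posted on the list: a small, port-independent check of the kind an application-layer gateway would perform. It looks at the first bytes a client sends, decides what protocol is actually being spoken (HTTP, an HTTP CONNECT tunnel request, SSH, or a TLS ClientHello), and compares that with what the policy expects on the destination port. The function names, the `EXPECTED` policy table and the sample first packets are all assumptions constructed here for illustration; the "policy" is a toy stand-in for the written security policy Tobias says you need.

```python
# Added example (not from the original post): a port-independent payload
# classifier. It shows that the destination port alone tells you nothing:
# SSH on port 80 and HTTP on port 37337 are both possible, and a CONNECT
# request on port 80 is an attempt to tunnel something else through HTTP.
import re
from dataclasses import dataclass

HTTP_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE", "CONNECT"}
REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/1\.[01]\r\n")


def classify_payload(data: bytes) -> str:
    """Return a protocol label derived from the first bytes the client sent."""
    if data.startswith(b"SSH-"):
        return "ssh"
    # TLS record header: content type 22 (handshake), version 0x03 0x0?,
    # 2-byte length, then handshake type 1 (ClientHello).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls"
    m = REQUEST_LINE.match(data)
    if m:
        method = m.group(1).decode()
        if method == "CONNECT":
            return "http-connect"      # client wants a raw tunnel through the proxy
        if method in HTTP_METHODS:
            return "http"
        return "http-unknown-method"
    return "unknown"


# Toy policy (assumption): which protocol the organisation expects on which port.
EXPECTED = {80: {"http"}, 443: {"tls"}, 22: {"ssh"}}


@dataclass
class Verdict:
    port: int
    observed: str
    allowed: bool
    reason: str


def evaluate(port: int, data: bytes) -> Verdict:
    """Decide on a connection from its destination port and first payload bytes."""
    observed = classify_payload(data)
    expected = EXPECTED.get(port)
    if expected is None:
        return Verdict(port, observed, False, "port not in policy")
    if observed == "http-connect":
        return Verdict(port, observed, False, "HTTP CONNECT tunnel not permitted by policy")
    if observed in expected:
        return Verdict(port, observed, True, "payload matches the protocol expected on this port")
    return Verdict(port, observed, False,
                   f"expected {sorted(expected)} on port {port}, saw {observed}")


# Constructed sample "first packets" (not captured traffic); the TLS record is
# truncated after the ClientHello header since only the leading bytes matter here.
SAMPLES = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    (80, b"SSH-2.0-OpenSSH_3.7p1\r\n"),
    (80, b"CONNECT mail.example.com:25 HTTP/1.1\r\nHost: mail.example.com\r\n\r\n"),
    (443, bytes.fromhex("160301002a010000260303") + b"\x00" * 32),
    (37337, b"GET / HTTP/1.0\r\n\r\n"),
]


def run_samples() -> list:
    """Evaluate every constructed sample and return the verdicts in order."""
    return [evaluate(port, data) for port, data in SAMPLES]


if __name__ == "__main__":
    for v in run_samples():
        print(f"port {v.port:>5}  saw {v.observed:<13} allowed={v.allowed!s:<5}  {v.reason}")
```

Run as a script it prints one verdict per sample: plain HTTP on port 80 and a TLS ClientHello on port 443 pass, while SSH on port 80, a CONNECT tunnel request on port 80 and HTTP on port 37337 are all refused, each for a reason the policy can state. The classifier deliberately looks only at a handful of leading bytes; a real gateway would parse the whole protocol, but the point stands that the decision has to be made on the application data, not on the integer in the TCP header.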

