Re: [fw-wiz] Why are developers choosing to...



My experience suggests a couple reasons:
- easier to configure some software to run as a non-privileged user if
you use a high-order port
- easier to run multiple services on a single box, and the migration
through CM never mandates reconfiguring the app to use standard ports,
so the production configuration ends up matching a developer's rig
- default configuration never gets changed

I give my 'use standard ports and protocols for standard network
services so your network security folks don't shudder and hide when they
see you coming' speech fairly often.


On Fri, 2006-01-20 at 11:34, Behm, Jeffrey L. wrote:
> Why are developers choosing to write "web-based" code that runs some
> sort of encryption, typically SSL, across a non-standard port (say
> 10443) and then having those URLs blow up when they try to traverse the
> prudent company's perimeter security...You know..."deny all that is not
> explicitly allowed."
>
> I am seeing more and more "websites" that use a URL such as
> http://register.at.my.site:10443. Why not just use the standard secure
> port 443 from the get go? Is there something that makes SSL across
> 10443 innately more secure, or is this just the "security by obscurity"
> smoke-and-mirrors trick?
>
> Opinions?
>
> Jeff
