RE: Securing webmail - changing a port necessary to ensure security?

From: Joey Peloquin (jpelo1_at_jcpenney.com)
Date: 02/12/04

  • Next message: Josh Mills: "RE: 802.11i research papers"
    Date: Thu, 12 Feb 2004 09:36:53 -0600
    To: "'Jennifer Fountain'" <jfountain@rbinc.com>, security-basics@securityfocus.com
    
    
    

    Jennifer,

    >>When configuring webemail (such as owa) that is using https,
    >>is it better to change the default port (443) to an uncommon
    >>port (20000)for security reasons?

    Running a well-known service on an unregistered port may protect you from
    "script-kiddies" looking only at the results from a range-scan (or not even
    looking, and simply plugging the results into a tool), but not a determined
    cracker that is deliberately targeting you.

    You're still susceptible to banner-grabbing and other enumeration
    techniques, unless you've taken steps to thwart those as well.

    IMO, your time is better spent securing the OS the service is running on,
    and the application or service itself, especially if we're talking about
    Windows.

    Joey Peloquin

    [...]

    
    

    The information transmitted is intended only for the person or entity to
    which it is addressed and may contain confidential and/or privileged
    material. If the reader of this message is not the intended recipient,
    you are hereby notified that your access is unauthorized, and any review,
    dissemination, distribution or copying of this message including any
    attachments is strictly prohibited. If you are not the intended
    recipient, please contact the sender and delete the material from any
    computer.

    
    

    ---------------------------------------------------------------------------
    Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

    Protect your network with the comprehensive security solution that
    integrates six applications for ease of use and lower TCO.

    Firewall - Virus protection - Spam protection - URL blocking - VPN
    - Wireless security.

    Download 30-day evaluation at:
    http://www.astaro.com/php/contact/securityfocus.php
    ----------------------------------------------------------------------------


  • Next message: Josh Mills: "RE: 802.11i research papers"

    Relevant Pages