RE: Securing webmail - changing a port necessary to ensure security?

• Previous message: H Carvey: "Re: Life After CISSP?"
• In reply to: Jennifer Fountain: "Securing webmail - changing a port necessary to ensure security?"
• Next in thread: Dedric Ramsey - Ramsey Consulting Svcs: "Re: Securing webmail - changing a port necessary to ensure security?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 12 Feb 2004 09:36:53 -0600
To: "'Jennifer Fountain'" <jfountain@rbinc.com>, security-basics@securityfocus.com

Jennifer,

>>When configuring webemail (such as owa) that is using https,
>>is it better to change the default port (443) to an uncommon
>>port (20000)for security reasons?

Running a well-known service on an unregistered port may protect you from
"script-kiddies" looking only at the results from a range-scan (or not even
looking, and simply plugging the results into a tool), but not a determined
cracker that is deliberately targeting you.

You're still susceptible to banner-grabbing and other enumeration
techniques, unless you've taken steps to thwart those as well.

IMO, your time is better spent securing the OS the service is running on,
and the application or service itself, especially if we're talking about
Windows.

Joey Peloquin

[...]

The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. If the reader of this message is not the intended recipient,
you are hereby notified that your access is unauthorized, and any review,
dissemination, distribution or copying of this message including any
attachments is strictly prohibited. If you are not the intended
recipient, please contact the sender and delete the material from any
computer.

---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:
http://www.astaro.com/php/contact/securityfocus.php
----------------------------------------------------------------------------

• Previous message: H Carvey: "Re: Life After CISSP?"
• In reply to: Jennifer Fountain: "Securing webmail - changing a port necessary to ensure security?"
• Next in thread: Dedric Ramsey - Ramsey Consulting Svcs: "Re: Securing webmail - changing a port necessary to ensure security?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]