Re: Securing webmail - changing a port necessary to ensure security?
From: Ansgar -59cobalt- Wiechers (bugtraq_at_planetcobalt.net)
Date: 02/12/04
- In reply to: Jennifer Fountain: "Securing webmail - changing a port necessary to ensure security?"
Date: Thu, 12 Feb 2004 13:54:58 +0100
To: security-basics@securityfocus.com
On 2004-02-11 Jennifer Fountain wrote:
> I am going back and forth on this one with a consultant on this one and
> need an expert opinion. So, I turn to you :)
Hope you don't mind me answering instead ;)
> When configuring webemail (such as owa) that is using https, is it
> better to change the default port (443) to an uncommon port (20000) for
> security reasons? Does it secure it further by doing this?
No. Security by obscurity won't work since an attacker could simply run
a portscan against your webmail host to determine which ports are open.
> Wouldn't it cause more issues than anything if you try to access that
> site from inside an org that only allows port 80/443 and 21 out?
If you allow 21 out, you will also have to allow 1024+ out, since
passive FTP opens the data connection on a high port IIRC. So no, using
port 20000 won't cause problems in that scenario, but it also won't
improve your security.
Regards
Ansgar Wiechers
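
An added example, not part of the original message: a small Python check over firewall log lines that flags sources sweeping many ports and lists which open ports each sweep reached, showing that webmail moved to port 20000 is found by the same scan that probes 443. The log format, the addresses (documentation ranges) and the threshold are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

WEBMAIL_PORT = 20000  # the uncommon port proposed in the thread

# Constructed sample log (not real traffic): one source walks a list of
# ports, a second source is an ordinary webmail user.
SWEEP_PORTS = [21, 22, 25, 80, 443, 8080, 8443, WEBMAIL_PORT]
SAMPLE_LOG = "\n".join(
    [
        "2004-02-12T13:00:%02d SRC=198.51.100.7 DPT=%d ACTION=%s"
        % (i, port, "ACCEPT" if port == WEBMAIL_PORT else "DROP")
        for i, port in enumerate(SWEEP_PORTS)
    ]
    + ["2004-02-12T13:05:00 SRC=203.0.113.20 DPT=20000 ACTION=ACCEPT"]
)

# Assumed log layout: "<timestamp> SRC=<ip> DPT=<port> ACTION=<verdict>"
LINE_RE = re.compile(r"^\S+ SRC=(\S+) DPT=(\d+) ACTION=(\w+)$")


def parse(log):
    """Return (source, destination port, action) for each well-formed line."""
    events = []
    for line in log.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            events.append((match.group(1), int(match.group(2)), match.group(3)))
    return events


def find_sweeps(events, min_ports=5):
    """Map each source that touched >= min_ports distinct ports to the
    sorted list of ports on which the firewall accepted its connection."""
    probed = defaultdict(set)
    reached = defaultdict(set)
    for src, port, action in events:
        probed[src].add(port)
        if action == "ACCEPT":
            reached[src].add(port)
    return {s: sorted(reached[s]) for s, p in probed.items() if len(p) >= min_ports}


if __name__ == "__main__":
    for src, open_ports in find_sweeps(parse(SAMPLE_LOG)).items():
        print(f"{src} swept the host and reached open ports: {open_ports}")
```
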