RE: Risk-Port 3270
- From: "Nick Vaernhoej" <nick.vaernhoej@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 7 Dec 2007 14:36:36 -0600
The port number itself is not more or less secure than any other number.
You need to look at the service listening, if it is a web server then
which one? Once you know what you are dealing with it is simpler to
learn how vulnerable you will be.
Is the traffic encrypted? By what means? What client will be connecting?
The "scenario" you are mentioning does not specify anything but opening
port 3270 to a web server. This port number could be anything, think of
it as completely randomly picked. (just for the sake of getting the
question away from the port number itself).
This alone does not give you any information to answer if the traffic
can be sniffed...
Nick Vaernhoej
"Quidquid latine dictum sit, altum sonatur."
-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of Kartik
Sent: Friday, December 07, 2007 1:14 PM
To: donge912@xxxxxxxxx
Cc: security-basics@xxxxxxxxxxxxxxxxx
Subject: Re: Risk-Port 3270
Well, Management is asking whether, in this scenario; How secure will
be the traffic? They are asking the probability of data being sniffed.
The problem is that i do not have much info regarding the application.
On 12/8/07, donge912@xxxxxxxxx <donge912@xxxxxxxxx> wrote:
Hi Kartik,application
I think it is hard to tell what the risk is without knowing the
that will be making the connection. That's where the risk might be.[mailto:listbounce@xxxxxxxxxxxxxxxxx]
Regards,
Willem van Dongen
Sr application analyst
-----Oorspronkelijk bericht-----
Van: listbounce@xxxxxxxxxxxxxxxxx
Namens Kartik12/6/2007
Verzonden: vrijdag 7 december 2007 9:24
Aan: security-basics@xxxxxxxxxxxxxxxxx
Onderwerp: Risk-Port 3270
Hi,
Recently I got a change request which is to be implemented on the
firewall. The requirement is to allow port 3270 from inside network to
a webserver located in the outside world.
I would like to know the Risk/Threats associated with this change. I
dont know what kind of a data would traverse in this setup but most
likely its going to be something related with financial transactions.
--
Thanx & Regards
Kartik
Sr. Specialist- Security
www.hcl.in
--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.503 / Virus Database: 269.16.17/1176 - Release Date:
23:15
--
Thanx & Regards
Kartik
9810998169
This electronic transmission is intended for the addressee (s) named above. It contains information that is privileged, confidential, or otherwise protected from use and disclosure. If you are not the intended recipient you are hereby notified that any review, disclosure, copy, or dissemination of this transmission or the taking of any action in reliance on its contents, or other use is strictly prohibited. If you have received this transmission in error, please notify the sender that this message was received in error and then delete this message.
Thank you.
- References:
- Risk-Port 3270
- From: Kartik
- Re: Risk-Port 3270
- From: Kartik
- Risk-Port 3270
- Prev by Date: RE: Checkpoint Firewall denying Explicit SSL
- Next by Date: Re: Risk-Port 3270
- Previous by thread: Re: Risk-Port 3270
- Next by thread: RE: Risk-Port 3270
- Index(es):
Relevant Pages
|
