RE: Risk-Port 3270



The port number itself is not more or less secure than any other number.
You need to look at the service listening, if it is a web server then
which one? Once you know what you are dealing with it is simpler to
learn how vulnerable you will be.
Is the traffic encrypted? By what means? What client will be connecting?

The "scenario" you are mentioning does not specify anything but opening
port 3270 to a web server. This port number could be anything, think of
it as completely randomly picked. (just for the sake of getting the
question away from the port number itself).
This alone does not give you any information to answer if the traffic
can be sniffed...

Nick Vaernhoej
"Quidquid latine dictum sit, altum sonatur."


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of Kartik
Sent: Friday, December 07, 2007 1:14 PM
To: donge912@xxxxxxxxx
Cc: security-basics@xxxxxxxxxxxxxxxxx
Subject: Re: Risk-Port 3270

Well, Management is asking whether, in this scenario; How secure will
be the traffic? They are asking the probability of data being sniffed.
The problem is that i do not have much info regarding the application.

On 12/8/07, donge912@xxxxxxxxx <donge912@xxxxxxxxx> wrote:
Hi Kartik,

I think it is hard to tell what the risk is without knowing the
application
that will be making the connection. That's where the risk might be.

Regards,

Willem van Dongen
Sr application analyst

-----Oorspronkelijk bericht-----
Van: listbounce@xxxxxxxxxxxxxxxxx
[mailto:listbounce@xxxxxxxxxxxxxxxxx]
Namens Kartik
Verzonden: vrijdag 7 december 2007 9:24
Aan: security-basics@xxxxxxxxxxxxxxxxx
Onderwerp: Risk-Port 3270

Hi,

Recently I got a change request which is to be implemented on the
firewall. The requirement is to allow port 3270 from inside network to
a webserver located in the outside world.
I would like to know the Risk/Threats associated with this change. I
dont know what kind of a data would traverse in this setup but most
likely its going to be something related with financial transactions.

--
Thanx & Regards
Kartik
Sr. Specialist- Security
www.hcl.in


--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.503 / Virus Database: 269.16.17/1176 - Release Date:
12/6/2007
23:15





--
Thanx & Regards
Kartik
9810998169

This electronic transmission is intended for the addressee (s) named above. It contains information that is privileged, confidential, or otherwise protected from use and disclosure. If you are not the intended recipient you are hereby notified that any review, disclosure, copy, or dissemination of this transmission or the taking of any action in reliance on its contents, or other use is strictly prohibited. If you have received this transmission in error, please notify the sender that this message was received in error and then delete this message.
Thank you.



Relevant Pages

  • Re: Remote Access
    ... Please rerun CEICW, this helps up configure network and websites ... On the Web Server Certificate page shows. ... http://ipaddress/remote to access RWW, type the public IP address in the ... that if SBS is behind a router, I need to configure the port forwarding ...
    (microsoft.public.windows.server.sbs)
  • Re: Apache web server being attacked
    ... There is no domain name pointing to my web server. ... But have had port 80 attacks that did not work. ... after yourself once you've generated a config file. ... This way my web site has total access by anyone who knows it's URl, the URL is scanned by yahoo and google indexing bot and becomes know to the public. ...
    (freebsd-questions)
  • Re: [Full-disclosure] server security
    ... I don't see how any can argue against the security value of such a configuration. ... It's unlikely, but you never know, you just might miss out on a nasty worm all because you werent running on a default port one day. ... This is a basic web server that runs email, web and a couple other things. ... -- Securing Apache Web Server with thawte Digital Certificate In this ...
    (Full-Disclosure)
  • Re: disconnect a hacker
    ... My Web server station is right next ... ]see an IP connected to port 80, ... ]I notice a significant number of probes on my firewall console window ... that the attacks on you are simply attacks on you amongst millions of ...
    (alt.computer.security)
  • Re: disconnect a hacker
    ... My Web server station is right next ... my attention divided by security concerns... ... see an IP connected to port 80, ... I've been forwarding my firewall logs to my ISP, ...
    (alt.computer.security)