RE: Securing webmail - changing a port necessary to ensure security?

[Joey Peloquin <jpelo1 () jcpenney com>]

Jennifer,

> > When configuring webemail (such as owa) that is using https, 
> > is it better to change the default port (443) to an uncommon 
> > port (20000)for security reasons?

Running a well-known service on an unregistered port may protect you from
"script-kiddies" looking only at the results from a range-scan (or not even
looking, and simply plugging the results into a tool), but not a determined
cracker that is deliberately targeting you.

You're still susceptible to banner-grabbing and other enumeration
techniques, unless you've taken steps to thwart those as well.

IMO, your time is better spent securing the OS the service is running on,
and the application or service itself, especially if we're talking about
Windows.

Joey Peloquin

[...]

The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material.  If the reader of this message is not the intended recipient,
you are hereby notified that your access is unauthorized, and any review,
dissemination, distribution or copying of this message including any
attachments is strictly prohibited.   If you are not the intended
recipient, please contact the sender and delete the material from any
computer.

---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:
http://www.astaro.com/php/contact/securityfocus.php
----------------------------------------------------------------------------