Security Basics mailing list archives
RE: Securing webmail - changing a port necessary to ensure security?
From: Byron Copeland <nodialtone () comcast net>
Date: 14 Feb 2004 01:19:53 -0500
On Thu, 2004-02-12 at 07:02, Thiago Lima wrote:
Security thru obscurity is never a good solution. Even if you change the port to 20000, if someone portscan your machine it will find your webmail.
Agreed, changing ports isn't a solution. All one would need to do is tcpdump what they get back from your site and figure it out.
And if your webmail have much access from diferent clients at diferent points you may end up with someone that can't access your webmail because the administrator of a LAN that your client is connected (and trying to access the webmail) blocked outgoing traffic to unkown ports. Resume: stay with 443, but ensure that all software are updated, keep some security polices and run a security scaner (like nessus) from time to time.
I agree, but another extra step is you may want to find a way to redirect port 80 traffic to port 443 as well. There are times when users forget https:// and try http:// to access some given website. -b --------------------------------------------------------------------------- Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection Protect your network with the comprehensive security solution that integrates six applications for ease of use and lower TCO. Firewall - Virus protection - Spam protection - URL blocking - VPN - Wireless security. Download 30-day evaluation at: http://www.astaro.com/php/contact/securityfocus.php ----------------------------------------------------------------------------
Current thread:
- Re: Securing webmail - changing a port necessary to ensure security?, (continued)
- Re: Securing webmail - changing a port necessary to ensure security? Pete Hunt (Feb 12)
- Re: Securing webmail - changing a port necessary to ensure security? Sandro Melo (Feb 13)
- RE: Securing webmail - changing a port necessary to ensure security? Aditya, ALD [Aditya Lalit Deshmukh] (Feb 12)
- RE: Securing webmail - changing a port necessary to ensure security? Joey Peloquin (Feb 13)
- Re: Securing webmail - changing a port necessary to ensure security? Dedric Ramsey - Ramsey Consulting Svcs (Feb 13)
- Re: Securing webmail - changing a port necessary to ensure security? Chris (Feb 13)
- Re: Securing webmail - changing a port necessary to ensure security? AgfTech Lists (Feb 13)
- Re: Securing webmail - changing a port necessary to ensure security? Miles Stevenson (Feb 13)
- Re: Securing webmail - changing a port necessary to ensure security? Ansgar -59cobalt- Wiechers (Feb 13)
- RE: Securing webmail - changing a port necessary to ensure security? Thiago Lima (Feb 13)
- RE: Securing webmail - changing a port necessary to ensure security? Byron Copeland (Feb 16)
- RE: Securing webmail - changing a port necessary to ensure security? Michael Bellears (Feb 12)
- Re: Securing webmail - changing a port necessary to ensure security? Pete Hunt (Feb 12)