Security Basics mailing list archives

RE: Securing webmail - changing a port necessary to ensure security?


From: Byron Copeland <nodialtone () comcast net>
Date: 14 Feb 2004 01:19:53 -0500

On Thu, 2004-02-12 at 07:02, Thiago Lima wrote:
      Security through obscurity is never a good solution. Even if you change
the port to 20000, if someone portscans your machine they will find your
webmail.


Agreed, changing ports isn't a solution.  All one would need to do is
tcpdump what they get back from your site and figure it out.

      And if your webmail has much access from different clients at
different points you may end up with someone that can't access your webmail
because the administrator of a LAN that your client is connected to (and trying
to access the webmail from) blocked outgoing traffic to unknown ports.

      Summary: stay with 443, but ensure that all software is updated,
keep some security policies and run a security scanner (like nessus) from time
to time.

I agree, but another extra step is you may want to find a way to
redirect port 80 traffic to port 443 as well.  There are times when
users forget https:// and try http:// to access some given website.

-b
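
The port 80 to 443 redirect suggested in the reply above, as an added example that is not part of the original message: a small plain-HTTP listener that answers every request with a redirect to the HTTPS site. The hostname `webmail.example.org` and the names `ALLOWED_HOSTS`, `CANONICAL_HOST` and `https_location` are assumptions made for the illustration.

```python
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumption: the name(s) the webmail is published under (constructed values).
ALLOWED_HOSTS = {"webmail.example.org"}
CANONICAL_HOST = "webmail.example.org"


def https_location(host_header, path):
    """Return the https:// URL a plain-HTTP request should be sent to.

    The Host header is client-controlled, so it is echoed back only when it
    is on the allow-list; anything else is redirected to the canonical name.
    """
    # Lower-case and drop an explicit port (":80") so the target is port 443.
    host = (host_header or "").strip().lower().rsplit(":", 1)[0]
    if host not in ALLOWED_HOSTS:
        host = CANONICAL_HOST
    # Keep the requested path and query, but only if it is a normal
    # origin-form path without control characters.
    if not path.startswith("/") or any(ord(c) < 0x20 for c in path):
        path = "/"
    return f"https://{host}{path}"


class RedirectHandler(BaseHTTPRequestHandler):
    """Serves no content on port 80; every request gets a 301 to HTTPS."""

    def _redirect(self):
        self.send_response(301)
        self.send_header("Location",
                         https_location(self.headers.get("Host"), self.path))
        self.send_header("Content-Length", "0")
        self.end_headers()

    do_GET = do_HEAD = do_POST = _redirect


if __name__ == "__main__":
    # Binding to port 80 normally requires elevated privileges.
    HTTPServer(("", 80), RedirectHandler).serve_forever()
```

The redirect only helps users who typed http://; that first request still crosses the network unencrypted, so nothing sensitive should be accepted on port 80.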


