Security Basics mailing list archives
Re: Risk-Port 3270
From: krymson () gmail com
Date: 7 Dec 2007 17:05:17 -0000
If you open port 3270 from my machine to a specific server out on the Internet, I can put whatever I want through that connection. Then again, I can do that on port 80 anyway unless you're doing some deeper inspection. You'll definitely want to allow only that one internal system to connect to only that one external system on that port. You'll also definitely want to ask what sort of traffic this will include. Is this an application? What service is running on the remote system on 3270? Is it encrypted? A request like this (especially when using "financial transactions" anywhere near it) should be accompanied by that sort of information at a minimum. <- snip -> Recently I got a change request which is to be implemented on the firewall. The requirement is to allow port 3270 from inside network to a webserver located in the outside world. I would like to know the Risk/Threats associated with this change. I dont know what kind of a data would traverse in this setup but most likely its going to be something related with financial transactions.
Current thread:
- Risk-Port 3270 Kartik (Dec 07)
- Message not available
- Re: Risk-Port 3270 Kartik (Dec 07)
- RE: Risk-Port 3270 Nick Vaernhoej (Dec 07)
- RE: Risk-Port 3270 S. Earl Jarosh (Dec 08)
- Re: Risk-Port 3270 Kartik (Dec 07)
- Message not available
- Re: Risk-Port 3270 Michael R. Martinez (Dec 07)
- <Possible follow-ups>
- Re: Risk-Port 3270 krymson (Dec 07)