Educause Security Discussion mailing list archives
Re: Ports/applications permitted for Guest Access
From: Derek Diget <derek.diget+educause-security () WMICH EDU>
Date: Fri, 9 Sep 2011 12:30:51 -0400
On Sep 9, 2011 at 11:16 -0400, Kevin Wilcox wrote: =>Our guests can get out on ports 80 and 443. If they can do it over =>those ports, they're allowed. Bandwidth restrictions are in place, =>it's faster to register and use the standard campus wireless than to =>plug in and say they're a guest. General comment to list.... Don't forget TCP port 587 for message/email submission on phones/laptops/mobile devices. See section 4 of BCP 134 (RFC 5068 <http://www.ietf.org/rfc/rfc5068.txt>) and in particular the first paragraph of section 4.1. The user would probably also want/need 143 (and hope the remote provider requires STARTTLS) or 993. I will grudgingly add 110/995 for the sites that still offer POP. <rantMode=on> My personal preference would include TCP port 22 as well. (But then I run a sshd on port on other common ports like 80, 443, 53, 123, 20, 21, 389, 636, 2105 for the times that access providers decide that the Internet is only accessed via a web browser on port 80/443. And there is then the use of corkscrew or apache in tunneling SSH for the sites that want to do layer-7 inspection on port 80/443, but I haven't been at a site long enough to make playing those games worth it. :) <rantMode=off> -- *********************************************************************** Derek Diget Office of Information Technology Western Michigan University - Kalamazoo Michigan USA - www.wmich.edu/ ***********************************************************************
Current thread:
- Ports/applications permitted for Guest Access Roger A Safian (Sep 09)
- Re: Ports/applications permitted for Guest Access Kevin Wilcox (Sep 09)
- Re: Ports/applications permitted for Guest Access Derek Diget (Sep 09)
- Re: Ports/applications permitted for Guest Access Rowe, Ken (Sep 09)
- Re: Ports/applications permitted for Guest Access Robert Lau (Sep 11)
- Re: Ports/applications permitted for Guest Access Dave Koontz (Sep 11)
- Re: Ports/applications permitted for Guest Access Shannon Roddy (Sep 11)
- Re: Ports/applications permitted for Guest Access Valdis Kletnieks (Sep 11)
- Re: Ports/applications permitted for Guest Access David Gillett (Sep 12)
- Re: Ports/applications permitted for Guest Access Robert Lau (Sep 11)
- Re: Ports/applications permitted for Guest Access Robert Lau (Sep 11)
- Re: Ports/applications permitted for Guest Access Kevin Wilcox (Sep 16)
- Re: Ports/applications permitted for Guest Access Kevin Wilcox (Sep 09)
- Re: Ports/applications permitted for Guest Access (deep packet inspection) Barron Hulver (Sep 11)