Security Basics mailing list archives
Re: Securing webmail - changing a port necessary to ensure security?
From: Pete Hunt <lists () petehunt co uk>
Date: Thu, 12 Feb 2004 02:34:12 +0000
inline At 16:02 11/02/2004, Jennifer Fountain wrote:
I am going back and forth on this one with a consultant on this one and need an expert opinion. So, I turn to you :) When configuring webemail (such as owa) that is using https, is it better to change the default port (443) to an uncommon port (20000)for security reasons?
No. If running web-based mail hrough https isn't secure enough for your organisation, then anything you gain from obfuscating the port ( practically nothing ) won't offset the extra faffing about required when setting it up.
Your consultant is working on the theory that high ports are less likely to be scanned (and discovered vulnerable). Properly set up, it will be as secure as web-based email can be with or without changing the ports.
_Relying_ on the obscure ports is even more dubious. my 0.02p Pete --------------------------------------------------------------------------- Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection Protect your network with the comprehensive security solution that integrates six applications for ease of use and lower TCO. Firewall - Virus protection - Spam protection - URL blocking - VPN - Wireless security. Download 30-day evaluation at: http://www.astaro.com/php/contact/securityfocus.php ----------------------------------------------------------------------------
Current thread:
- Securing webmail - changing a port necessary to ensure security? Jennifer Fountain (Feb 11)
- Re: Securing webmail - changing a port necessary to ensure security? Michael Gale (Feb 12)
- Re: Securing webmail - changing a port necessary to ensure security? Pete Hunt (Feb 12)
- Re: Securing webmail - changing a port necessary to ensure security? Sandro Melo (Feb 13)
- RE: Securing webmail - changing a port necessary to ensure security? Aditya, ALD [Aditya Lalit Deshmukh] (Feb 12)
- RE: Securing webmail - changing a port necessary to ensure security? Joey Peloquin (Feb 13)
- Re: Securing webmail - changing a port necessary to ensure security? Dedric Ramsey - Ramsey Consulting Svcs (Feb 13)
- Re: Securing webmail - changing a port necessary to ensure security? Chris (Feb 13)
- Re: Securing webmail - changing a port necessary to ensure security? AgfTech Lists (Feb 13)
- Re: Securing webmail - changing a port necessary to ensure security? Miles Stevenson (Feb 13)
- Re: Securing webmail - changing a port necessary to ensure security? Ansgar -59cobalt- Wiechers (Feb 13)
- RE: Securing webmail - changing a port necessary to ensure security? Thiago Lima (Feb 13)
- RE: Securing webmail - changing a port necessary to ensure security? Byron Copeland (Feb 16)
(Thread continues...)