Security Basics mailing list archives
Re: Securing webmail - changing a port necessary to ensure security?
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Thu, 12 Feb 2004 13:54:58 +0100
On 2004-02-11 Jennifer Fountain wrote:
I am going back and forth on this one with a consultant on this one and need an expert opinion. So, I turn to you :)
Hope you don't mind me answering instead ;)
When configuring webemail (such as owa) that is using https, is it better to change the default port (443) to an uncommon port (20000)for security reasons? Does it secure it further by doing this?
No. Security by obscurity won't work since an attacker could simply run a portscan against your webmail host to determine which ports are open.
Wouldn't it cause more issues than anything if you try to access that site from inside an org that only allows port 80/443 and 21 out?
If you allow 21 out, you will also have to allow 1024+ out, since passive FTP opens the data connection on a high port IIRC. So no, using port 20000 won't cause problems in that scenario, but it also won't improve your security. Regards Ansgar Wiechers --------------------------------------------------------------------------- Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection Protect your network with the comprehensive security solution that integrates six applications for ease of use and lower TCO. Firewall - Virus protection - Spam protection - URL blocking - VPN - Wireless security. Download 30-day evaluation at: http://www.astaro.com/php/contact/securityfocus.php ----------------------------------------------------------------------------
Current thread:
- Securing webmail - changing a port necessary to ensure security? Jennifer Fountain (Feb 11)
- Re: Securing webmail - changing a port necessary to ensure security? Michael Gale (Feb 12)
- Re: Securing webmail - changing a port necessary to ensure security? Pete Hunt (Feb 12)
- Re: Securing webmail - changing a port necessary to ensure security? Sandro Melo (Feb 13)
- RE: Securing webmail - changing a port necessary to ensure security? Aditya, ALD [Aditya Lalit Deshmukh] (Feb 12)
- RE: Securing webmail - changing a port necessary to ensure security? Joey Peloquin (Feb 13)
- Re: Securing webmail - changing a port necessary to ensure security? Dedric Ramsey - Ramsey Consulting Svcs (Feb 13)
- Re: Securing webmail - changing a port necessary to ensure security? Chris (Feb 13)
- Re: Securing webmail - changing a port necessary to ensure security? AgfTech Lists (Feb 13)
- Re: Securing webmail - changing a port necessary to ensure security? Miles Stevenson (Feb 13)
- Re: Securing webmail - changing a port necessary to ensure security? Ansgar -59cobalt- Wiechers (Feb 13)
- RE: Securing webmail - changing a port necessary to ensure security? Thiago Lima (Feb 13)
- RE: Securing webmail - changing a port necessary to ensure security? Byron Copeland (Feb 16)
- <Possible follow-ups>
- RE: Securing webmail - changing a port necessary to ensure security? Michael Bellears (Feb 12)