Security Basics mailing list archives
RE: Securing webmail - changing a port necessary to ensure security?
From: "Thiago Lima" <thiagolima () webforce com br>
Date: Thu, 12 Feb 2004 09:02:03 -0300
Security thru obscurity is never a good solution. Even if you change the port to 20000, if someone portscan your machine it will find your webmail. And if your webmail have much access from diferent clients at diferent points you may end up with someone that can't access your webmail because the administrator of a LAN that your client is connected (and trying to access the webmail) blocked outgoing traffic to unkown ports. Resume: stay with 443, but ensure that all software are updated, keep some security polices and run a security scaner (like nessus) from time to time. Regards Thiago.
-----Original Message----- From: Jennifer Fountain [mailto:jfountain () rbinc com] Sent: Wednesday, February 11, 2004 1:03 PM To: security-basics () securityfocus com Subject: Securing webmail - changing a port necessary to ensure security? I am going back and forth on this one with a consultant on this one and need an expert opinion. So, I turn to you :) When configuring webemail (such as owa) that is using https, is it better to change the default port (443) to an uncommon port (20000)for security reasons? Does it secure it further by doing this? Wouldn't it cause more issues than anything if you try to access that site from inside an org that only allows port 80/443 and 21 out? Thank you in advance for any opinions you may share. Kind Regards, Jennifer Fountain --------------------------------------------------------------- ------------ Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection Protect your network with the comprehensive security solution that integrates six applications for ease of use and lower TCO. Firewall - Virus protection - Spam protection - URL blocking - VPN - Wireless security. Download 30-day evaluation at: http://www.astaro.com/php/contact/securityfocus.php --------------------------------------------------------------- -------------
--------------------------------------------------------------------------- Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection Protect your network with the comprehensive security solution that integrates six applications for ease of use and lower TCO. Firewall - Virus protection - Spam protection - URL blocking - VPN - Wireless security. Download 30-day evaluation at: http://www.astaro.com/php/contact/securityfocus.php ----------------------------------------------------------------------------
Current thread:
- Re: Securing webmail - changing a port necessary to ensure security?, (continued)
- Re: Securing webmail - changing a port necessary to ensure security? Michael Gale (Feb 12)
- Re: Securing webmail - changing a port necessary to ensure security? Pete Hunt (Feb 12)
- Re: Securing webmail - changing a port necessary to ensure security? Sandro Melo (Feb 13)
- RE: Securing webmail - changing a port necessary to ensure security? Aditya, ALD [Aditya Lalit Deshmukh] (Feb 12)
- RE: Securing webmail - changing a port necessary to ensure security? Joey Peloquin (Feb 13)
- Re: Securing webmail - changing a port necessary to ensure security? Dedric Ramsey - Ramsey Consulting Svcs (Feb 13)
- Re: Securing webmail - changing a port necessary to ensure security? Chris (Feb 13)
- Re: Securing webmail - changing a port necessary to ensure security? AgfTech Lists (Feb 13)
- Re: Securing webmail - changing a port necessary to ensure security? Miles Stevenson (Feb 13)
- Re: Securing webmail - changing a port necessary to ensure security? Ansgar -59cobalt- Wiechers (Feb 13)
- RE: Securing webmail - changing a port necessary to ensure security? Thiago Lima (Feb 13)
- RE: Securing webmail - changing a port necessary to ensure security? Byron Copeland (Feb 16)
- RE: Securing webmail - changing a port necessary to ensure security? Michael Bellears (Feb 12)