Re: Destiny Gaming

["Keller, Alex" <axkeller () STANFORD EDU>]

Legitimacy and design/architecture aside, please note that of the thousands of ports that are specified in the Bugie 
documentation, "only" 3074 UDP and 35000-35099 TCP are required to open INBOUND. Unless you are actually performing 
egress filtering (most hi-ed institutions don't) then the majority of these ports are already open/available.

Best,
alex



Alex Keller
Information Technology
Stanford School of Engineering
axkeller () stanford edu  
(650) 736-6421


From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Self, 
Dennis
Sent: Thursday, September 11, 2014 7:33 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Destiny Gaming

A student has requested the opening of a large number of firewall ports (thousands) as referenced at the vendor site: 
http://www.bungie.net/en/Help/Article/11875.  We do not plan to open the ports.  I have never played the game.  The 
request raises concerns that the application has security design issues, and the company has brazen attitudes towards 
security in stating the ports should be opened.  Has anyone else dealt with this and developed an objective rationale?

Kind regards,

Dennis Self, CISSP
Director, IT Security & Compliance
Technology Services
 
205-726-2692 | office
DLSelf () Samford edu
www.samford.edu
800 Lakeshore Drive, Birmingham, AL 35229


 "Truth is not democratic." Dennis Self, 2013