• Subject: Re: TCPIP port restriction for network security
  • From: Larry Bolhuis <lbolhuis@xxxxxxxxxx>
  • Date: Tue, 23 Jan 2001 11:08:46 -0500
  • Organization: Arbor Solutions, Inc

Opening ports always creates a security risk, even well know ones like
25, 80, 110. What you need to do is balance the need for the port to be
opened with the relative exposure.  Often you can open the port to only
specific machines thus reducing the risk. When opening a port across the
board, you should have a very good understanding of what that port is
used for. If there are multiple uses and an open system is using one
different from that intended, that is a much greater risk.

Personally I prefer chat tools which do not require open inbound ports
like AOL Instant messenger, or ICQ.

 my $.02

 - Larry

mcrump@sgcontainers.com wrote:
> 
> I need some opinions - ok, dumb statement :-)
> 
> For security purposes our firewall has most of the ports closed to the outside
> world.  I know when we started some outside work with a  consulting company I
> had to pull teeth to get port 1352 (Notes) open for some people in our 
>company.
> 
> My question is, and I realize this isn't necessarily AS/400 (umm...iSeries)
> related but what do people do and why with regards to their firewall and 
>ports?
> Is it that bad to really open up a port across the board?  Let me back up a
> little.  We are starting to use SameTime with the same consulting firm and it
> has a chat function.  This chat function does not by default use port 80.  So,
> my options are either open up the port or investigate the changing of the
> default port.  Typically, I hate to mess around with changing default ports
> because it always seems to cause me some sort of problem later.
> 
> Any thoughts/ideas/opinions from you security and network minded people?  If I
> go to my network people all they do is give me grief.  They may be right but 
>I'd
> like to hear what anyone else has to say.
> 
> Thanks.
> 
> Michael Crump
> Saint-Gobain Containers
> 1509 S. Macedonia Ave.
> Muncie, IN  47302
> (765)741-7696
> (765)741-7012 f
> (800)428-8642
> 
> +---
> | This is the Midrange System Mailing List!
> | To submit a new message, send your mail to MIDRANGE-L@midrange.com.
> | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
> | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
> | Questions should be directed to the list owner/operator: david@midrange.com
> +---

-- 
Larry Bolhuis
Arbor Solutions, Inc.
(616) 451-2500
(616) 451-2571 -fax
lbolhuis@arbsol.com
+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].