Security Basics mailing list archives
RE: Risk-Port 3270
From: "Nick Vaernhoej" <nick.vaernhoej () capitalcardservices com>
Date: Fri, 7 Dec 2007 14:36:36 -0600
The port number itself is not more or less secure than any other number. You need to look at the service listening, if it is a web server then which one? Once you know what you are dealing with it is simpler to learn how vulnerable you will be. Is the traffic encrypted? By what means? What client will be connecting? The "scenario" you are mentioning does not specify anything but opening port 3270 to a web server. This port number could be anything, think of it as completely randomly picked. (just for the sake of getting the question away from the port number itself). This alone does not give you any information to answer if the traffic can be sniffed... Nick Vaernhoej "Quidquid latine dictum sit, altum sonatur." -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Kartik Sent: Friday, December 07, 2007 1:14 PM To: donge912 () planet nl Cc: security-basics () securityfocus com Subject: Re: Risk-Port 3270 Well, Management is asking whether, in this scenario; How secure will be the traffic? They are asking the probability of data being sniffed. The problem is that i do not have much info regarding the application. On 12/8/07, donge912 () planet nl <donge912 () planet nl> wrote:
Hi Kartik, I think it is hard to tell what the risk is without knowing the
application
that will be making the connection. That's where the risk might be. Regards, Willem van Dongen Sr application analyst -----Oorspronkelijk bericht----- Van: listbounce () securityfocus com
[mailto:listbounce () securityfocus com]
Namens Kartik Verzonden: vrijdag 7 december 2007 9:24 Aan: security-basics () securityfocus com Onderwerp: Risk-Port 3270 Hi, Recently I got a change request which is to be implemented on the firewall. The requirement is to allow port 3270 from inside network to a webserver located in the outside world. I would like to know the Risk/Threats associated with this change. I dont know what kind of a data would traverse in this setup but most likely its going to be something related with financial transactions. -- Thanx & Regards Kartik Sr. Specialist- Security www.hcl.in -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.503 / Virus Database: 269.16.17/1176 - Release Date:
12/6/2007
23:15
-- Thanx & Regards Kartik 9810998169 This electronic transmission is intended for the addressee (s) named above. It contains information that is privileged, confidential, or otherwise protected from use and disclosure. If you are not the intended recipient you are hereby notified that any review, disclosure, copy, or dissemination of this transmission or the taking of any action in reliance on its contents, or other use is strictly prohibited. If you have received this transmission in error, please notify the sender that this message was received in error and then delete this message. Thank you.
Current thread:
- Risk-Port 3270 Kartik (Dec 07)
- Message not available
- Re: Risk-Port 3270 Kartik (Dec 07)
- RE: Risk-Port 3270 Nick Vaernhoej (Dec 07)
- RE: Risk-Port 3270 S. Earl Jarosh (Dec 08)
- Re: Risk-Port 3270 Kartik (Dec 07)
- Message not available
- Re: Risk-Port 3270 Michael R. Martinez (Dec 07)
- <Possible follow-ups>
- Re: Risk-Port 3270 krymson (Dec 07)