Firewall Wizards mailing list archives

Re: trusted & untrusted ports


From: Tobias Reckhard <jester71 () gmx net>
Date: Tue, 11 Nov 2003 09:30:11 +0100

Hilal Hussein wrote:
> Q1 - How to identify trusted vs untrusted ports. As sometimes, users working within our network will ask to open certain ports in the firewall in order to allow communication to a certain application outside the corporate network. From a security perspective, based on what evaluation should I accept or reject opening the requested port(s)? Maybe it is known to be used by hackers, or viruses as a threat.

A port is nothing but a 16-bit integer, nothing more, nothing less. A port itself has no security characteristics at all. It is the applications on either end of the TCP/IP communication which you can evaluate regarding their security, as well as the characteristics of the communications path and protocol.

But since you're asking specifically, _any_ port can be used for either form of purpose: legitimate or malicious. Of course, there are ports that some known malware defaults to using and you should be suspicious if someone wants port 37337 opened. However, port 80 has exactly the same potential.

In the ideal world, you'd channel everything across application layer gateways that really knew what is OK and what isn't. But even without that, what you need to answer your real question is a security policy. That should state the security posture of your organisation and allow you to decide now and in the future how to deal with new communication requests.

> Q2 - Reading some technical documents about accessing applications over the net, I noticed that sometimes the connection is not a client/server technique, it could be through the http port, in other words, no need to open a specific port in order to be able to access the net application from within our corporate network since it is using the http port.

Just because they're tunneling over/through HTTP, that doesn't change the fact that it still uses the client-server model. Actually, the trend of tunneling stuff through HTTP to cross firewalls isn't regarded as being entirely helpful by the security community.

Cheers,
Tobias


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
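The reply above makes two points that can be shown in code: a port number carries no security meaning of its own (port 80 "has exactly the same potential" as any other), and an application layer gateway is the thing that actually knows whether a stream is acceptable. The following is an added example, not code from the list post or its author: a toy application-layer check that looks at the first bytes a client sends on TCP port 80 and decides on content alone, ignoring the port number entirely. The sample payloads, the allowed-method policy and the decision to refuse CONNECT (an HTTP tunnelling request) are all constructed assumptions for illustration.

```python
import re

# Constructed sample "first bytes" of client->server streams, as a gateway
# sitting in front of port 80 might see them. These are made up for this
# example; they are not captures from the original poster's network.
SAMPLES = {
    "plain_http": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "ssh_on_80": b"SSH-2.0-OpenSSH_example\r\n",          # not HTTP at all
    "binary_blob": b"\x00\x01\x02\xff\xfe\x10garbage",     # not HTTP at all
    "http_connect": b"CONNECT mail.example.com:25 HTTP/1.1\r\nHost: mail.example.com\r\n\r\n",
}

# An HTTP/1.x request line: METHOD SP request-target SP HTTP/1.x CRLF
REQUEST_LINE = re.compile(rb"^(?P<method>[A-Z]{3,7}) (?P<target>\S+) HTTP/1\.[01]\r\n")

# Assumed site policy: only these methods are acceptable through this gateway.
ALLOWED_METHODS = {b"GET", b"HEAD", b"POST"}


def classify(payload: bytes, port: int = 80) -> str:
    """Return an allow/deny verdict for the first bytes of a client stream.

    The port is deliberately NOT used as evidence of anything; it only appears
    in the verdict text. The decision rests on what the payload actually is.
    """
    m = REQUEST_LINE.match(payload)
    if not m:
        # Whatever this is, it is not speaking HTTP, so "it's on port 80"
        # tells us nothing useful.
        return "deny: not HTTP syntax on port %d" % port
    method = m.group("method")
    if method == b"CONNECT":
        # CONNECT asks the gateway to open a raw tunnel to another host:port,
        # i.e. to stop being an application gateway. Refuse it under this policy.
        return "deny: CONNECT tunnel request"
    if method not in ALLOWED_METHODS:
        return "deny: method %s not in policy" % method.decode("ascii")
    return "allow: HTTP %s" % method.decode("ascii")


def classify_all(samples=SAMPLES) -> dict:
    """Run the check over every sample and return name -> verdict."""
    return {name: classify(data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, verdict in classify_all().items():
        print("%-13s %s" % (name, verdict))
```

Only the first request line is inspected here; a real gateway would parse the whole message and keep enforcing policy on every subsequent request in the connection, but the principle is the same: the verdict comes from the protocol and application behaviour, not from the 16-bit integer the stream happened to arrive on.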

