Firewall Wizards: Re: trusted & untrusted ports

Re: trusted & untrusted ports

From: Monkey Boy <hydra291_at_hotmail.com>
Date: Mon, 10 Nov 2003 08:35:42 -0500

>Q1 - How to identify trusted vs untrusted ports. As sometimes, users working
>within our network will ask to open certain ports in the firewall in order
>to allow communication to a certain application outside the corporate
>network. From a security perspective, based on what evaluation should I
>accept or reject opening the requested port(s)? Maybe it will be known to be
>used by hackers, or viruses as a threat.

You would have to ask management what is and is not acceptable to them. Most
ports that are opened by an application within your network will hand off
that request on an ephemeral port as well. It is not as if, say, IE will hand
off a browser request on port 80; it will be handled by an ephemeral port. If
you are going to be running services such as FTP, SMTP and such, then
they do listen on a generally well known port such as 21 or 25 respectively.
Those types of issues are fairly straightforward to resolve. However, if
running an IRC server on 6667 is something you're being asked, I would have to
take that up with management. That will definitely impact security,
bandwidth, among other things. Bottom line, each service which you are being
asked to allow out has to be evaluated separately.

>Q2 - Reading some technical documents about accessing applications over
>the net, I noticed that sometimes the connection is not a client/server
>technique; it could be through the HTTP port. In other words, no need to
>open a specific port in order to be able to access the net application from
>within our corporate network since it is using the HTTP port.

All communications outside of peer-to-peer stuff are based on a client/server
model, Hilal. Even if you are tunneling traffic out over port 80, it is still
going out that port as a client request to a server somewhere. That does not
change at all. Most services operate on well known ports such as the
aforementioned FTP and SMTP. If you have employees tunnelling traffic out
over HTTP, then it may be time to have a chat with them and human resources
over that being forbidden by company policy. Speaking of company policy, you
would need to have a clear and concise one which everyone has to read and
sign off on.

regards,

Don


_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Nov 11 2003
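The two points in Don's reply (an outbound connection uses an OS-chosen ephemeral source port while only the service end owns the well-known port, and traffic "tunnelled over port 80" is still a client request that can be told apart from real HTTP) are shown below in an added Python example. It is not part of the original message or the firewall-wizards archive. It assumes a loopback listener standing in for a service (bound to port 0 so no privileges are needed), and the sample connection openings are constructed for illustration.

```python
import socket
import threading

# Constructed example (not from the original message): a loopback listener standing in for a
# service on a fixed port, plus a client connecting to it, to show which side owns which port.

def connect_and_report(listen_port=0):
    """Start a loopback listener and connect one client to it.

    Returns (server_port, client_source_port, client_destination_port).
    listen_port=0 lets the OS pick a free port, because binding a real well-known
    port such as 21 or 25 needs privileges; the point is the same either way.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", listen_port))
    srv.listen(1)
    server_port = srv.getsockname()[1]

    def accept_one():
        conn, _peer = srv.accept()
        conn.close()

    t = threading.Thread(target=accept_one)
    t.start()
    cli = socket.create_connection(("127.0.0.1", server_port))
    client_src_port = cli.getsockname()[1]   # chosen by the OS from the ephemeral range
    client_dst_port = cli.getpeername()[1]   # the fixed port the service listens on
    t.join()
    cli.close()
    srv.close()
    return server_port, client_src_port, client_dst_port


# A genuine HTTP/1.x request opens with a method token, a space, a target and a version.
# Anything else arriving on the HTTP port is not HTTP, whatever the port number suggests,
# which is the check an egress proxy or sensor can apply per flow.
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ", b"TRACE ", b"PATCH ")

def looks_like_http_request(first_bytes):
    """Return True if the first bytes a client sent look like an HTTP/1.x request line."""
    if not first_bytes.startswith(HTTP_METHODS):
        return False
    request_line = first_bytes.split(b"\r\n", 1)[0]
    parts = request_line.split(b" ")
    return len(parts) == 3 and parts[2].startswith(b"HTTP/1.")


# Constructed sample openings, as a proxy or egress sensor might see them on port 80.
SAMPLE_OPENINGS = {
    "browser request":  b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "ssh banner":       b"SSH-2.0-OpenSSH_8.9\r\n",
    "tls client hello": b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03",
}

def classify_openings(samples=SAMPLE_OPENINGS):
    """Map each sample name to 'http' or 'not-http' so a policy decision can be made per flow."""
    return {name: ("http" if looks_like_http_request(data) else "not-http")
            for name, data in samples.items()}


if __name__ == "__main__":
    server_port, src, dst = connect_and_report()
    print(f"service listens on {server_port}; client connected from ephemeral port {src} to {dst}")
    for name, verdict in classify_openings().items():
        print(f"{name:18s} -> {verdict}")
```

The first half makes the ephemeral-port point concrete: only the listener's port is fixed, so a firewall rule for an outbound application keys on the destination port and should not try to pin the client's source port. The second half is the minimal protocol-conformance check behind the "tunnelling over HTTP" remark: a flow to port 80 whose opening bytes are an SSH banner or a TLS ClientHello is not a web request and can be flagged for the policy conversation Don describes.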
