GroupStudy.com GroupStudy.com - A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
Re: Security advice - opening ports other than 80 [7:42333] posted 04/23/2002
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]


I agree with Sam.  You can (and should) limit access as much as possible; if
server A needs TCP port 100 open, then TCP port 100 should *only* be open to
server A's ip address.  That way, the only packets that get it will be
dropped into the waiting arms of your vendors program.  And if there's a
security issue there, you will know who to talk to.

You want to make sure you know what ports can get in to what addresses, and
what applications are listening at those ports.  That will give you a list
(hopefully short) of application you need to keep updated with security
patches.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42383&t=42333
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to abuse@xxxxxxxxxxxxxx