?
Solved

opening ports 110 and 25 in proxy server

Posted on 2008-11-11
4
Medium Priority
?
653 Views
Last Modified: 2012-05-05
In our LAN environment users are given internet access through Proxy server.We get request from users to open the ports POP3 110 and SMTP 25 in the proxy server.Is there any risk by opening this ports in proxy server?Pl suggest
0
Comment
Question by:megavannan
4 Comments
 
LVL 16

Expert Comment

by:JoWickerman
ID: 22928603
Hi megavannan,

No, there is no security risks as only mail will be allowed through these 2 ports. You can open them and not worry about security issues.

Cheers.
0
 
LVL 3

Accepted Solution

by:
drpoppers earned 2000 total points
ID: 22928792
I'd be slightly concerned about opening port 25, if for some reason you get a virus infection that turns a pc into a spambot, it will send out on port 25, now you should pick this up from the proxy logs that it's suddenly getting a huge amount of traffic on this port and be able to locate the issue.

The other thing is do you want people being able to send/receive email from their desktops? I've worked for companies where this is banned and only work email can be used, depends how harsh your IT policies are.
0
 
LVL 14

Expert Comment

by:Roachy1979
ID: 22928966
I'd agree with drpoppers - are you running a local mail server on the network (ie. exchange)?  If you are running a mail server off site, then best practice would be to permit traffic between the client machines and the remote mail server only.  That also prevents users from sending mail via personal mail accounts from the office.

0
 
LVL 13

Expert Comment

by:Kelvin_King
ID: 22931062
There are always risks by opening up additional ports, especially commonly know ports.

You'll have to weigh the consequences of opening additional ports.

Do these ports need to be opened for official use? (coorporate email etc...) if so, then you'll have to open the ports and deal with the additional security issues. For example you should have an IDS and content filter.

If these requests are for non-official purposes, like sending their own personal mail, I see no reason why you should entertain those requests. As you said, they already have internet access, they can just use web mail.

Hope that helps.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Transferring data across the virtual world became simpler but protecting it is becoming a real security challenge.  How to approach cyber security  in today's business world!
The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
Screencast - Getting to Know the Pipeline
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question