Port 443 risk

What is the risk in opening TCP port 443 for both inbound and outbound traffic on a firewall?
paullord Asked:

WakaMang Commented:
I don't think there is a risk. You only need to open it for inbound traffic when you have an internal website running on 443 and you make sure it also is an https certificate with a trusted certificate to encrypt traffic.

When you want to open it for outbound traffic your users can access https sites (which are normally running on 443) which also use certificates to encrypt traffic.
0
paullord (Author) Commented:
Specifically I was opening it for Windows Mobile Active Sync. Any issues with that?
0
aaronblum Commented:
As long as you are patched out you should be ok.  Generally security risks come from administrators having open ports to services they are unaware of or not maintaining.  A number of known worms scan for vulnerable machines on 443/tcp but if you stay on top of patching your services, you should be as safe as anyone can be.
0
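As an added example (not part of the original thread): one way to find listening services an administrator may be unaware of is to compare the host's listening TCP sockets against the list of ports that are meant to be open. The `netstat -ano` output below is a constructed sample, and the expected-port list of 443 only is an assumption for illustration.

```python
import re

# Constructed sample of Windows `netstat -ano` output (not from the original thread).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1120
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING       2216
  TCP    192.0.2.10:443         198.51.100.7:51234     ESTABLISHED     4
  TCP    [::]:443               [::]:0                 LISTENING       4
  TCP    [::]:8443              [::]:0                 LISTENING       3012
"""

# Assumption: the only service meant to be reachable is HTTPS on 443.
EXPECTED_PORTS = {443}

# Matches TCP rows in LISTENING state; handles IPv4 and bracketed IPv6 addresses.
LINE_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")
LOOPBACK = {"127.0.0.1", "[::1]"}


def parse_listeners(netstat_text):
    """Return a sorted list of (address, port, pid) for listening TCP sockets."""
    found = set()
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            found.add((m.group(1), int(m.group(2)), int(m.group(3))))
    return sorted(found)


def unexpected_listeners(netstat_text, expected_ports):
    """Listeners not bound to loopback whose port is not on the expected list."""
    return [
        (addr, port, pid)
        for addr, port, pid in parse_listeners(netstat_text)
        if addr not in LOOPBACK and port not in expected_ports
    ]


if __name__ == "__main__":
    for addr, port, pid in unexpected_listeners(SAMPLE_NETSTAT, EXPECTED_PORTS):
        print(f"review: {addr}:{port} (PID {pid}) is listening but not expected")
```

Each flagged PID can then be matched to its owning service and either patched and documented or shut off.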

WakaMang Commented:
What aaronblum is saying: keep your servers updated, especially the ones which are accessible from the internet. When your system is updated you can scan the vulnerability with some tools you can find on the internet; here is an example:
http://www.freewebs.com/okidan/
0
Paranormastic (Cryptographic Engineer) Commented:
Technically you could remap port 443 to another port, but this would give you only a limited amount of extra security - this would be 'security through obscurity'. In other words it would protect against anything pointed only to port 443, but any well written virus would likely try on all ports anyways.  It's generally not worth the hassle of reconfiguring the defaults for everything else in the world for what little gain you would have.

Patch and monitor is about all you can do, or just not use it.  The only truly secure server is the one that never gets ordered/installed.
0

aaronblum Commented:
Yup, and the only way to make it impossible to hack your machine is to turn it off and unplug everything from it :)  (in the case of a laptop, pull the battery too)
0