[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1350
  • Last Modified:

Port 443 risk

What is the risk in opening TCP port 443 for both inbound and out bound traffic on a firewall?
0
paullord
Asked:
paullord
1 Solution
 
WakaMangCommented:
I don't think there is a risk. You only need to open it for inbound traffic when you have an internal
website running on 443 and you make sure it also is a https certificate with a trusted certificate to encrypt traffic.

When you want to open it for outbound traffic your users can acces https sites(wich are normally running on 443) wich also use certificates to encrypt traffic.
0
 
paullordAuthor Commented:
Specifically I was opening it for Windows Mobile Active Sync. Any issues with that ?
0
 
aaronblumCommented:
As long as you are patched out you should be ok.  Generally security risks come from administrators having open ports to services they are unaware of or not maintaining.  A number of known worms scan for vulnerable machines on 443/tcp but if you stay on top of patching your services, you should be as safe as anyone can be.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
WakaMangCommented:
What aaronblum is saying; Keep you're servers updated especially the ones wich are accessible from the internet, when your system is updates you can scan the vulnerability with some tools you can find on the internet, here an example:
http://www.freewebs.com/okidan/
0
 
ParanormasticCryptographic EngineerCommented:
Technically you could remap port 443 to another port, but this would give you only a limited amount of extra security - this would be 'security through obscurity' .. in other words it would protect against anything pointed only to port 443, but any well written virus would like try on all ports anyways.  Its generally not worth the hassle of reconfiguring the defaults for everything else in the world for what little gain you would have.

Patch and monitor is about all you can do, or just not use it.  The only truly secure server is the one that never gets ordered/installed.
0
 
aaronblumCommented:
Yup, and the only way to make it impossible to hack your machine is to turn it off and unplug everything from it :)  (in the case of a laptop, pull the battery too)
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now