• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1459
  • Last Modified:

Port 443 risk

What is the risk in opening TCP port 443 for both inbound and out bound traffic on a firewall?
0
paullord
Asked:
paullord
1 Solution
 
WakaMangCommented:
I don't think there is a risk. You only need to open it for inbound traffic when you have an internal
website running on 443 and you make sure it also is a https certificate with a trusted certificate to encrypt traffic.

When you want to open it for outbound traffic your users can acces https sites(wich are normally running on 443) wich also use certificates to encrypt traffic.
0
 
paullordAuthor Commented:
Specifically I was opening it for Windows Mobile Active Sync. Any issues with that ?
0
 
aaronblumCommented:
As long as you are patched out you should be ok.  Generally security risks come from administrators having open ports to services they are unaware of or not maintaining.  A number of known worms scan for vulnerable machines on 443/tcp but if you stay on top of patching your services, you should be as safe as anyone can be.
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
WakaMangCommented:
What aaronblum is saying; Keep you're servers updated especially the ones wich are accessible from the internet, when your system is updates you can scan the vulnerability with some tools you can find on the internet, here an example:
http://www.freewebs.com/okidan/
0
 
ParanormasticCryptographic EngineerCommented:
Technically you could remap port 443 to another port, but this would give you only a limited amount of extra security - this would be 'security through obscurity' .. in other words it would protect against anything pointed only to port 443, but any well written virus would like try on all ports anyways.  Its generally not worth the hassle of reconfiguring the defaults for everything else in the world for what little gain you would have.

Patch and monitor is about all you can do, or just not use it.  The only truly secure server is the one that never gets ordered/installed.
0
 
aaronblumCommented:
Yup, and the only way to make it impossible to hack your machine is to turn it off and unplug everything from it :)  (in the case of a laptop, pull the battery too)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now