Newco
asked on
How secure is port forwarding?
Hello Experts,
I am trying to change my default port number on the public side for FTP (port 21); I want to use a different port like "9999" or similar, but then change the port inside the firewall. This way I would connect to ftp://mydomain:9999 and go to my ftp to upload files.
My boss wants to know if that is a safe move and if there will be any ramifications.
Your help is greatly appreciated!
ASKER
Thank you Neil,
I really meant FTP, but the port 9999 was just an example, it could be 59999 or so.
But now I have this question:
"If you know WHO will be coming in you can stop everyone else" - how do I accomplish that?
Most FTP Server software has a feature that will allow you to specify a list of addresses that are allowed to connect. See also: Whitelist
ASKER
Thank you Alex,
So, going back to the original question; what you guys suggest is that changing the default port number on the firewall doesn't really make a difference?
Thank you!
ASKER
Thank you! That's a very good explanation.
Not really because when you open the connection to that port the server says "Hi, I'm Newco's FTP Server!" or something like that.
The people that you really need to keep out are not using their browser or the command-line DOS client but rather they are scanning all your ports so they will find it easily.
Ignore my last response, I started writing it half an hour ago, then got a phone call and forgot to submit... but now you've got your answer.
Firstly, I hope you mean SFTP and not FTP?
Secondly, can you not tie the port forward to only specific incoming IP addresses? If you know WHO will be coming in you can stop everyone else.
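
The two points made in this thread, as an added example that is not part of any poster's reply: a service moved to a non-standard port still identifies itself in its greeting, while a source-address allowlist keeps other clients from ever seeing that greeting. The listener, the banner text and the 203.0.113.0/24 range are constructed for the demo, and everything runs on loopback.

```python
import ipaddress
import socket
import threading

# Constructed greeting; FTP servers send a "220 ..." reply on connect (RFC 959).
BANNER = b"220 Example FTP server ready\r\n"


def start_listener(allowed_networks):
    """Serve one connection on an OS-chosen loopback port; greet only allowlisted peers."""
    nets = [ipaddress.ip_network(n) for n in allowed_networks]
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))   # port 0: the OS picks a non-standard port
    srv.listen(1)

    def serve():
        conn, (peer_ip, _) = srv.accept()
        with conn, srv:
            if any(ipaddress.ip_address(peer_ip) in n for n in nets):
                conn.sendall(BANNER)
            # any other source is disconnected without a greeting

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def read_greeting(port, timeout=2.0):
    """Return the first data the service sends, or '' if it sends none."""
    with socket.create_connection(("127.0.0.1", port), timeout=timeout) as s:
        try:
            return s.recv(256).decode("ascii", "replace").strip()
        except (socket.timeout, ConnectionError):
            return ""


def looks_like_ftp(greeting):
    """SMTP also greets with 220, so require the word FTP in the text as well."""
    return greeting.startswith("220") and "FTP" in greeting.upper()


def demo(allowed_networks):
    """Return (port used, whether a connecting client could tell it is FTP)."""
    port = start_listener(allowed_networks)
    return port, looks_like_ftp(read_greeting(port))


if __name__ == "__main__":
    print("no effective allowlist:", demo(["127.0.0.0/8"]))
    print("allowlist excludes us: ", demo(["203.0.113.0/24"]))
```
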