Is opening Port 389 (for LDAP) a risk IF it is only open to 1 outside IP Address?

Hello,

I'm in the process of setting up Sonicwall Hosted Email Security (HES) and my Domain Controllers are currently Windows 2003 servers (in the process of upgrading them now).  I have a SonicWall NSA 3500 firewall.

In order for HES to integrate easily with our users, they need port 389 open for LDAP queries.  I found a single IP address that HES uses to query LDAP and I opened and NAT'd port 389 ONLY for this single IP address.

Does this pose a security risk?  I'm thinking that it does not, because port 389 is only open to one IP address.  But I'm not sure with today's sophisticated hacking methods if I'm okay to leave it set up this way long term.

One last thing, I did consider LDAPS (ssl), but because I'm a month or so away from upgrading my Domain Controllers, I didn't want to go down this road until my migration is complete.

Thank you
high_sobo Asked:

Kimputer (IT Manager) Commented:
Sonicwall is top of the line, and this device still receives regular updates. Therefore, I would consider it safe. Of course, nothing is really safe in this world, but currently, phishing is more worthwhile for online hackers (as phishing leads to bank accounts, and hence, real money).
Carl Dula Commented:
You should be fine. Unless your business is something that really attracts hackers, opening to a single WAN IP address for one protocol is safe. It is not an easy thing to spoof an IP address and attack your site in the manner you are suggesting.

high_sobo (Author) Commented:
Thank you both for your prompt responses!
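
One way to confirm from firewall logs that port 389 really is reachable only from the single permitted address, added here as an example and not part of the original thread. The address 203.0.113.10 and the key=value log lines are constructed assumptions, not SonicWall's actual log format.

```python
import ipaddress
import re

# Assumptions, not from the thread: the allowed address is a documentation-range
# stand-in for the HES source IP, and the log lines are a constructed key=value
# format, not SonicWall's real syslog layout.
ALLOWED_SOURCE = ipaddress.ip_address("203.0.113.10")
LDAP_PORT = 389

SAMPLE_LOG = """\
t=1 action=allow proto=tcp src=203.0.113.10 dst=192.0.2.5 dport=389
t=2 action=deny proto=tcp src=198.51.100.77 dst=192.0.2.5 dport=389
t=3 action=allow proto=tcp src=198.51.100.23 dst=192.0.2.5 dport=389
t=4 action=allow proto=tcp src=198.51.100.23 dst=192.0.2.5 dport=443
garbled line with no fields
t=5 action=deny proto=tcp src=198.51.100.77 dst=192.0.2.5 dport=389
"""

FIELD = re.compile(r"(\w+)=(\S+)")


def audit_ldap_rule(log_text, allowed=ALLOWED_SOURCE, port=LDAP_PORT):
    """Split traffic to the LDAP port into expected, leaked and blocked.

    Returns (expected, leaked, blocked):
      expected - count of allowed connections from the one permitted source
      leaked   - sorted source IPs that were allowed but are not permitted
      blocked  - {source IP: count} of denied attempts
    """
    expected, leaked, blocked = 0, set(), {}
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        try:
            if int(fields["dport"]) != port:
                continue  # not LDAP traffic
            src = ipaddress.ip_address(fields["src"])
            action = fields["action"]
        except (KeyError, ValueError):
            continue  # unparseable or incomplete line
        if action == "deny":
            blocked[str(src)] = blocked.get(str(src), 0) + 1
        elif action == "allow" and src == allowed:
            expected += 1
        elif action == "allow":
            leaked.add(str(src))  # rule is broader than intended
    return expected, sorted(leaked), blocked


if __name__ == "__main__":
    print(audit_ldap_rule(SAMPLE_LOG))
```

Any entry in the `leaked` list means the access rule or NAT policy admits more than the one intended source and should be reviewed.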