Asked by high_sobo (United States)
Is opening Port 389 (for LDAP) a risk IF it is only open to 1 outside IP Address?

Hello,

I'm in the process of setting up Sonicwall Hosted Email Security (HES) and my Domain Controllers are currently Windows 2003 servers (in the process of upgrading them now).  I have a SonicWall NSA 3500 firewall.

In order for HES to integrate easily with our users, they need port 389 open for LDAP queries.  I found a single IP address that HES uses to query LDAP and I opened and NAT'd port 389 ONLY for this single IP address.

Does this pose a security risk?  I'm thinking that it does not, because port 389 is only open to one IP address.  But I'm not sure with today's sophisticated hacking methods if I'm okay to leave it set up this way long term.

One last thing, I did consider LDAPS (ssl), but because I'm a month or so away from upgrading my Domain Controllers, I didn't want to go down this road until my migration is complete.

Thank you
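One check a defender would want alongside a "single source IP" rule is evidence that the rule actually holds: audit the firewall logs for TCP/389 traffic that was allowed from any source outside the allow list. The script below is an added example, not from the question or from SonicWall; the allow-listed address, the log line format and the log lines themselves are constructed placeholders.

```python
"""Audit firewall log lines for LDAP (port 389) traffic that was allowed
from a source outside the single allow-listed address."""
import ipaddress
import re
from collections import Counter

# Hypothetical allow-listed HES source (placeholder; the real one is not on the page).
ALLOWED_SOURCES = [ipaddress.ip_network("203.0.113.10/32")]
LDAP_PORT = 389

# Constructed log lines in a simplified key=value style, not real SonicWall output.
SAMPLE_LOG = """\
time=2024-01-01T10:00:01 src=203.0.113.10 dst=192.0.2.5 dpt=389 proto=tcp action=allow
time=2024-01-01T10:00:05 src=198.51.100.7 dst=192.0.2.5 dpt=389 proto=tcp action=allow
time=2024-01-01T10:00:07 src=198.51.100.7 dst=192.0.2.5 dpt=389 proto=tcp action=drop
time=2024-01-01T10:00:09 src=203.0.113.10 dst=192.0.2.5 dpt=443 proto=tcp action=allow
time=2024-01-01T10:00:11 src=203.0.113.11 dst=192.0.2.5 dpt=389 proto=udp action=allow
"""

LINE_RE = re.compile(
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dpt=(?P<dpt>\d+) "
    r"proto=(?P<proto>\S+) action=(?P<action>\S+)"
)


def parse_line(line):
    """Return a dict of fields for a recognised line, or None for anything else."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["dpt"] = int(rec["dpt"])
    return rec


def is_allowed_source(src, allowed_nets=ALLOWED_SOURCES):
    """True if src parses as an IP address inside one of the allow-listed networks."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in allowed_nets)


def audit_ldap_exposure(log_text, allowed_nets=ALLOWED_SOURCES, port=LDAP_PORT):
    """Return (violations, counts): violations are allowed connections to `port`
    from a non-allow-listed source; counts tally (src, action) pairs for that port.
    Dropped traffic is counted but is not a violation: the rule did its job."""
    violations, counts = [], Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["dpt"] != port:
            continue
        counts[(rec["src"], rec["action"])] += 1
        if rec["action"] == "allow" and not is_allowed_source(rec["src"], allowed_nets):
            violations.append(rec)
    return violations, counts
```

A source restriction limits who can reach the port; it does not encrypt the LDAP session itself, which is what the LDAPS migration mentioned above addresses.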
Solution posted by Kimputer (member-only content, not included here).
Reply from high_sobo (asker):
Thank you both for your prompt responses!