Is opening Port 389 (for LDAP) a risk IF it is only open to 1 outside IP Address?

Last Modified: 2015-11-30
Hello,

I'm in the process of setting up SonicWall Hosted Email Security (HES) and my Domain Controllers are currently Windows 2003 servers (in the process of upgrading them now). I have a SonicWall NSA 3500 firewall.

In order for HES to integrate easily with our users, they need port 389 open for LDAP queries. I found a single IP address that HES uses to query LDAP and I opened and NAT'd port 389 ONLY for this single IP address.

Does this pose a security risk? I'm thinking that it does not, because port 389 is only open to one IP address. But I'm not sure with today's sophisticated hacking methods if I'm okay to leave it set up this way long term.

One last thing: I did consider LDAPS (SSL), but because I'm a month or so away from upgrading my Domain Controllers, I didn't want to go down this road until my migration is complete.

Thank you
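One check worth running in this situation, added here as an example and not part of the question or of any SonicWall or Microsoft tooling: port 389 is not necessarily cleartext-only, because the RFC 4511 StartTLS extended operation upgrades an LDAP session on 389 to TLS without waiting for LDAPS on 636. The script below hand-encodes the StartTLS request with the standard library only, reads the DC's ExtendedResponse, and attempts the TLS upgrade; the host name in the trailing comment is a hypothetical placeholder.

```python
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # RFC 4511 StartTLS extended operation

def tlv(tag: int, value: bytes) -> bytes:
    """BER tag-length-value; short-form length only, which covers every message here."""
    assert len(value) < 0x80
    return bytes([tag, len(value)]) + value

def build_starttls_request(msg_id: int = 1) -> bytes:
    """LDAPMessage { messageID INTEGER, extendedReq [APPLICATION 23] { requestName [0] OID } }."""
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x77, tlv(0x80, STARTTLS_OID)))

def parse_extended_response(data: bytes):
    """Return (messageID, resultCode, diagnosticMessage) from an ExtendedResponse [APPLICATION 24]."""
    if data[0] != 0x30 or data[2] != 0x02:
        raise ValueError("not an LDAPMessage")
    id_len = data[3]
    msg_id = int.from_bytes(data[4:4 + id_len], "big")
    pos = 4 + id_len
    if data[pos] != 0x78:
        raise ValueError("not an ExtendedResponse")
    code = data[pos + 4]            # tag, length, ENUMERATED tag, length 1, then resultCode
    pos += 5
    pos += 2 + data[pos + 1]        # skip matchedDN OCTET STRING
    diag = data[pos + 2:pos + 2 + data[pos + 1]].decode("utf-8", "replace")
    return msg_id, code, diag

def probe_starttls(host: str, port: int = 389, timeout: float = 5.0) -> bool:
    """Connect in the clear, request StartTLS, and upgrade if the server agrees.
    True: 389 can carry TLS-protected LDAP. False: cleartext only, or the DC cert is not trusted."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_starttls_request())
        _, code, diag = parse_extended_response(sock.recv(4096))
        if code != 0:
            print(f"StartTLS refused: resultCode={code} {diag!r}")
            return False
        try:  # the default context verifies the DC certificate against the local trust store
            with ssl.create_default_context().wrap_socket(sock, server_hostname=host) as tls:
                print("TLS negotiated:", tls.version())
                return True
        except ssl.SSLError as exc:
            print("StartTLS accepted but TLS handshake failed:", exc)
            return False

# Constructed sample reply: resultCode 0 (success) with empty matchedDN and diagnosticMessage.
SAMPLE_OK_REPLY = bytes.fromhex("300c02010178070a010004000400")
# probe_starttls("dc01.corp.example")  # hypothetical DC name; point it at your own server
```

A refused StartTLS or an untrusted certificate tells you the exposed port carries credentials in the clear, so the single-IP restriction is the only protection in place until the DC has a usable certificate.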