troubleshooting Question

Is opening Port 389 (for LDAP) a risk IF it is only open to 1 outside IP Address?

Avatar of high_sobo
high_soboFlag for United States of America asked on
Network SecurityHardware FirewallsWindows Server 2003AntiSpam
3 Comments2 Solutions668 ViewsLast Modified:

I'm in the process of setting up Sonicwall Hosted Email Security (HES) and my Domain Controllers are currently Windows 2003 servers (in the process of upgrading them now).  I have a SonicWall NSA 3500 firewall.

In order for HES to integrate easily with our users, they need port 389 open for LDAP queries.  I found a single IP address that HES uses to query LDAP and I opened and nat'd port 389 ONLY for this single IP address.

Does this pose a security risk.  I'm thinking that is does not, because port 389 is only open to one IP address.  But I'm not sure with today's sophisticated hacking methods if I'm okay to leave it setup this way long term.

One last thing, I did consider LDAPS (ssl), but because I'm a month or so away from upgrading my Domain Controllers, I didn't want to go down this road until my migration is complete.

Thank you
Carl Dula

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 2 Answers and 3 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 2 Answers and 3 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros