This depends on the application and the OS. Make sure you have the OS
security patches up to date. Older unpatched OS's allow attacks at the
TCP/IP layers. Aside from that, there can be bugs on the application level
(e.g. MS IIS, older sendmail, etc.). Keep up with the vendor's patches and
subscribe to cert.org to get the latest on bugs in major applications.
"Brown, M" wrote in message news:[EMAIL PROTECTED]...
> In my case, a third-party application requires port TCP 100 open. I used a
> conduit from the PIX allowing in/outbound traffic to that specific server IP
> address where the application resides.
>
> My question is, how can I make sure this TCP 100 port is going to be as secure
> as possible... I would like to know what kind of threats I would face with
> that port TCP 100 open and how I could minimize those threats.
>
>
>
> "Don Nguyen" wrote in message news:[EMAIL PROTECTED]...
> > It's generally a good idea only to open ports that are necessary (e.g. 80 for
> > http, 21 for ftp, etc.).  Opening up unnecessary ports and/or running
> > unnecessary services just opens your server up to security vulnerabilities.
> > In your case I don't really understand what you're trying to do.  For a web
> > server using SSL you only have to allow inbound traffic to port 443, you
> > don't need port 80 open unless it also serves up unencrypted pages.  If you
> > want/need to use IPSEC you will need to allow inbound traffic on the UDP
> > port 500 and allow IP protocols 50 and 51 (not ports 50 and 51).
> >
> > HTH,
> >
> > Don Nguyen




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42339&t=42333
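
The advice in this thread (open only what is needed, and pin the conduit to the one server and port) can be checked against a saved firewall configuration. The following is an added example, not part of the original thread: it assumes lines of the form `conduit permit <protocol> <destination> [eq <port>] <source>` with numeric ports, and the addresses and approved list are constructed sample values.

```python
# Constructed sample config (documentation-range addresses, not from the thread).
SAMPLE_CONFIG = """\
conduit permit tcp host 192.0.2.10 eq 100 any
conduit permit tcp host 192.0.2.10 eq 443 any
conduit permit tcp any eq 100 any
conduit permit tcp host 192.0.2.10 range 1 1024 any
conduit permit ip host 192.0.2.10 any
conduit permit udp host 192.0.2.20 eq 500 any
"""

# Hypothetical approved services: (protocol, server address, port).
APPROVED = {
    ("tcp", "192.0.2.10", "100"),   # the third-party application
    ("udp", "192.0.2.20", "500"),   # IKE for IPsec
}


def audit_conduits(config, approved):
    """Return (line_number, reason) for each permit broader than approved."""
    findings = []
    for n, line in enumerate(config.splitlines(), 1):
        tok = line.split()
        if tok[:2] != ["conduit", "permit"] or len(tok) < 5:
            continue  # not a permit statement this check understands
        proto, rest = tok[2], tok[3:]
        # Destination (the published server): 'host A', 'any', or 'A MASK'.
        if rest[0] == "host":
            dest, rest = rest[1], rest[2:]
        elif rest[0] == "any":
            dest, rest = None, rest[1:]
        else:
            dest, rest = None, rest[2:]  # address + mask: treated as not pinned
        # Only 'eq N' pins a single port; 'range', 'gt', or no operator do not.
        port = rest[1] if len(rest) > 1 and rest[0] == "eq" else None
        if dest is None:
            findings.append((n, "destination is not a single host"))
        elif port is None:
            findings.append((n, "not limited to a single port"))
        elif (proto, dest, port) not in approved:
            findings.append((n, "service is not on the approved list"))
    return findings


if __name__ == "__main__":
    for line_no, reason in audit_conduits(SAMPLE_CONFIG, APPROVED):
        print(f"line {line_no}: {reason}")
```
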