Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 40 subscribers
  • Views 50954 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Opening Ports 80 and 443 safe or dangerous?

DMC

A outsource support group wants Port 80 and Port 443 opened in order they can log onto a server. They don't want to RDP into the system to do maintenance.

Is it dangerous and foolish to open Port 80 and Port 443 and port forward it to a particular server?

 

Their next suggestion was to port forward and white list their IP to allow only traffic from their office to that server. Is this wise?

Thank you



This thread was automatically locked due to age.
Parents
  • 0

    DMC,

    Ports 80 and 443 are very popular and they can be discovered by attackers easily.

    Make sure you understand what is flowing inside those ports. Make sure to use 443 because traffic is encrypted.

    Opening them from a restricted IP reduces the attack surface.

    The best way to stay protected is always a VPN and they should that instead of other protocols.

    Regards

  • 0 in reply to lferrara

    Thank you

    I setup the outsourced group with a VPN, and they use RDP to access the server. They now want a new way to access the server. They haven't explained why and I didn't agree to their request. However for the sake of peace, I said I would ask other people in the field if they agree to open port 80 and port 443.

    What did you mean by "Opening them from a restricted IP reduces the attack surface"?

  • +1 in reply to DMC

    You could only allow a set of public IPs through the firewall to your web site from the Internet.

    For opening a website from the outside, you need to make sure the site is secure from XSS or SQL Injection and make sure that only secure SSL cyphers are allowed.  If you don't know how to do that, I would leave them VPN.

Reply Children
No Data
Unfiltered HTML