Hi,
The security team at my company is coming under increasing pressure to start opening all sorts of outgoing port numbers every time a project manager decides to use a piece of software that needs internet access. This is becoming a real problem for us, and I would imagine it is for many people?
We need to gather some 'ammunition' to back up our case for insisting software uses internet standards (i.e. html or java and uses port 80 etc) rather than being written in something like Cobra (port 15000 - 150015) and Netstore (16384)
If anybody has any links or info it would be gratefully received. Opinions obviously also welcome, but please state the type of company or situation your firewalls are used in if possible etc
Sort of questions we get is:
"We let browsing happen on port 80, why not other applications on other ports?"
"What's so bad about using just any old port, surely they are all the same"
Cheers, dj
