I think it's like anything that has to do with HTTP access. We have seen of late the worry about HTTP: if you use Checkpoint (and most firewalls), they allow out all HTTP, and many programs, including maybe that Outlook issue, can dynamically adapt to push traffic through HTTP. We have seen this at our place lately. Scenario:

We have Checkpoint installed. We have a rule HTTP ALLOW from inside NetCache to NET, and we block all the rest apart from select groups through FTP, which is on a different rule.

We found in the logs today a connection going through 4622 and back through our NetCache; the NetCache is the basis for our proxy software, and we have web filtering in there too.

The connection had changed to feed through the HTTP port, so we allowed it. Someone had installed emonkey on their PC at work, and that was making connections, and the back connection alerted the firewall. Now, we have Cisco IDS and our own built Snort with Stormfront, and we spotted it first hand, but that shows the threat of HTTP allow.

To stop this we actually changed our NetCache rules to only allow Mozilla headers in the packet through HTTP on the firewall, as a test, and that then allowed only browsers. We may have to modify the test lab for RealPlayer for top bosses etc., but this gave us an extra dimension.

I hope this, while it may not have answered your question, has given you some thought on the process of how port changing can maybe be controlled, and that hardening allowed services a little may help you out.
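The control the post describes (let a request through the HTTP rule only if its User-Agent header looks like a browser) can be modelled as a small policy check over the request bytes. The following is an added example written for this page; it is not the poster's NetCache or Checkpoint configuration and does not reproduce either product's rule syntax. The allowlist prefixes, the sample requests and the non-HTTP byte string are all constructed for illustration; "RealPlayer/" stands in for the extra client the poster says the rule may have to admit.

```python
import re
from typing import Dict, Optional, Tuple

# Constructed allowlist: browsers announce themselves with "Mozilla/...".
# The second entry is an assumption showing how a non-browser client the
# business needs (the post mentions RealPlayer) would be admitted explicitly
# instead of reopening HTTP to everything.
ALLOWED_UA_PREFIXES: Tuple[str, ...] = ("Mozilla/", "RealPlayer/")

# Request line of an HTTP/1.0 or HTTP/1.1 request, e.g. "GET / HTTP/1.1".
REQUEST_LINE = re.compile(rb"^[A-Z]+ \S+ HTTP/1\.[01]$")


def parse_request(raw: bytes) -> Optional[Tuple[str, Dict[str, str]]]:
    """Return (request_line, headers) for a well-formed HTTP/1.x request head.

    Returns None when the bytes are not an HTTP request at all (a program
    that merely moved its own protocol onto port 80) or when a header line
    is malformed. Header names are lower-cased so lookups are case-insensitive.
    """
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        return None
    lines = head.split(b"\r\n")
    if not REQUEST_LINE.match(lines[0]):
        return None
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not name.strip():
            return None
        headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return lines[0].decode("latin-1"), headers


def decide(raw: bytes, allowed: Tuple[str, ...] = ALLOWED_UA_PREFIXES) -> Tuple[str, str]:
    """Apply the browser-header rule. Returns ('allow'|'block', reason).

    Default-deny: anything that is not parseable HTTP, has no User-Agent, or
    carries a User-Agent outside the allowlist is blocked.
    """
    parsed = parse_request(raw)
    if parsed is None:
        return "block", "not a well-formed HTTP/1.x request on the HTTP rule"
    _request_line, headers = parsed
    ua = headers.get("user-agent")
    if ua is None:
        return "block", "no User-Agent header"
    if ua.startswith(tuple(allowed)):
        return "allow", "User-Agent on allowlist: " + ua
    return "block", "User-Agent not on allowlist: " + ua


# Constructed sample traffic as it might be seen on the proxy's HTTP rule.
SAMPLES: Dict[str, bytes] = {
    # Ordinary browser request.
    "browser": (b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n"
                b"User-Agent: Mozilla/5.0 (Windows NT 5.1) Gecko/20030624\r\n\r\n"),
    # A program tunnelling over port 80 that sets no User-Agent at all.
    "no_ua": b"POST /relay HTTP/1.0\r\nHost: 192.0.2.10\r\nContent-Length: 0\r\n\r\n",
    # A program that does set a User-Agent, just not a browser-looking one.
    "custom_ua": (b"GET /poll HTTP/1.1\r\nHost: 192.0.2.10\r\n"
                  b"user-agent: SomeP2PClient/0.9\r\n\r\n"),
    # A business client admitted by an explicit allowlist entry.
    "media_player": (b"GET /stream.ram HTTP/1.1\r\nHost: media.example.com\r\n"
                     b"User-Agent: RealPlayer/10.0\r\n\r\n"),
    # Not HTTP at all: a client that simply changed its port to 80.
    "raw_bytes": b"\x16\x03\x01\x00\x2a\x01\x00\x00\x26\x03\x01",
}


def run_samples() -> Dict[str, str]:
    """Evaluate every sample and return {name: verdict}."""
    return {name: decide(raw)[0] for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        verdict, reason = decide(raw)
        print(f"{name:13s} {verdict:5s} {reason}")
```

Two caveats a practitioner should keep next to this rule. A User-Agent string is whatever the client chooses to send, so this stops software that has not bothered to look like a browser, not software written to get past the rule; treat it as one extra layer over the firewall and IDS the post already has, not as the control. Second, the default-deny shape is what makes it useful: every client that needs through has to be named in the allowlist, which is also the list you review when the next "top boss" application appears.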