Securing ports is one of the basics of network security.
Many network security professionals scramble to secure Port 80 on the network, the firewall port through which web traffic passes. While securing Port 80 is an essential part of defense against external threats, relying on such protection alone is foolhardy. Research by Palo Alto Networks based on its 1636 customers worldwide shows that 35 percent of the Web applications and 51 percent of the Web traffic in enterprises do not traverse Port 80. In fact, only 25 percent of applications and 32 percent of all traffic used Port 80 exclusively. 41 percent of applications and 17 percent of traffic used Port 80 and also other ports in a practice known as “port hopping”.
Port hopping itself has been catching on recently as an effective means of cyber defense against DDoS attacks. With port hopping, the UDP/TCP port number of the server changes with time, and the changes are known only to the server and the client. Such port hopping makes it easy to detect and filter malicious traffic without changing any existing protocols.
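A minimal sketch of the time-based port hopping described above, added here as an example and not taken from the article or from any product: client and server derive the port for each time slot from a shared secret using HMAC-SHA256, and the server also accepts the neighbouring slots to tolerate clock skew. The slot length, port range, function names and sample traffic are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Assumed parameters for this sketch (not from the article).
SLOT_SECONDS = 30     # how long one port stays valid
PORT_BASE = 20000     # lowest port in the hopping range
PORT_RANGE = 40000    # size of the range: ports 20000-59999


def port_for_slot(secret: bytes, slot: int) -> int:
    """Derive the service port for one time slot from the shared secret."""
    digest = hmac.new(secret, struct.pack(">Q", slot), hashlib.sha256).digest()
    return PORT_BASE + int.from_bytes(digest[:4], "big") % PORT_RANGE


def current_port(secret: bytes, now: float) -> int:
    """Port a legitimate client sends to at Unix time `now`."""
    return port_for_slot(secret, int(now // SLOT_SECONDS))


def accepted_ports(secret: bytes, now: float, skew_slots: int = 1) -> set:
    """Ports the server accepts: the current slot plus neighbours for clock skew."""
    slot = int(now // SLOT_SECONDS)
    return {port_for_slot(secret, s)
            for s in range(slot - skew_slots, slot + skew_slots + 1)}


def filter_packets(secret: bytes, packets):
    """Split (timestamp, source, dst_port) tuples into accepted and dropped."""
    accepted, dropped = [], []
    for ts, src, dst_port in packets:
        bucket = accepted if dst_port in accepted_ports(secret, ts) else dropped
        bucket.append((ts, src, dst_port))
    return accepted, dropped


if __name__ == "__main__":
    secret = b"constructed-demo-secret"   # constructed sample key
    t0 = 1_700_000_000.0                  # constructed timestamp
    packets = [                           # constructed sample traffic
        (t0, "198.51.100.7", current_port(secret, t0)),       # in-sync client
        (t0 + 20, "198.51.100.7", current_port(secret, t0)),  # client one slot behind
        (t0, "203.0.113.9", 80),                              # sender using a fixed port
    ]
    ok, bad = filter_packets(secret, packets)
    print("accepted:", ok)
    print("dropped: ", bad)
```

Traffic that arrives on a port outside the accepted set for its timestamp can be dropped at the filter without inspecting the payload, which is what makes the filtering cheap.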
Even without port hopping, applications that enable file sharing or remote access to a computer pose even more risks than normal web-based applications, and such applications do not use Port 80.
The research by Palo Alto further states that many employees circumvent corporate security policy by running remote desktop protocol on a non-secured port to remotely manage servers or PCs, which is another major threat.
Source: http://www.networkcomputing.

