Is known IP-number filtering pretty much all that is needed for website security/vulnerability?

Well, not to be picky, but, webservers cannot "control" ports anyway, only firewalls can.

I have assumed all along that your network has an operational and well configured firewall (configured by your "techies", I suppose). Anyway, a network firewall (not personal firewall) is an absolute necessity, not a luxury. Any outside utility you use to check your ports will be checking the ports on your firewall, not your local machine and not your web server.

-Frank

Frankster

To be picky, neither can. You don't need to "control ports", because a port is not a door or gate nor a harbour, but just a maintenance number.

F'up2csf, where this is on-topic.

Yours, VB.

Volker Birk

"Control Ports", in this context, means: Block, Allow, Deny, Drop, Allow only specific running services on that port, inbound AND outbound, etcetera.

A Web server cannot do that. A network firewall can.

-Frank

Frankster

If you want to, it can. If the web server is the only server on the box, any other things are denied. And the web server can decide which connection to accept.

Yours, VB.

Volker Birk
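
Added example, not part of any post in this thread: a sketch of what filtering by known IP address looks like when it is done in the server process at accept time rather than on a firewall. The names `ALLOWED`, `is_allowed` and `serve` are hypothetical and the addresses are constructed from documentation ranges; note that `accept()` only returns after the kernel has completed the TCP handshake, so a check at this layer does nothing against SYN floods.

```python
import ipaddress
import socket

# Constructed allow-list using documentation ranges (RFC 5737 / RFC 3849).
ALLOWED = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8:10::/48")]


def normalize(peer):
    """Parse a peer address string as returned by accept().

    A dual-stack listener reports IPv4 clients as ::ffff:a.b.c.d; unwrap those
    so an IPv4 rule cannot be sidestepped by the address representation.
    """
    addr = ipaddress.ip_address(peer.split("%", 1)[0])  # drop any IPv6 zone id
    mapped = getattr(addr, "ipv4_mapped", None)
    return mapped if mapped is not None else addr


def is_allowed(peer, allowed=ALLOWED):
    """Return True only if the peer falls inside an allow-listed network."""
    try:
        addr = normalize(peer)
    except ValueError:
        return False  # unparseable peer address: fail closed
    return any(addr.version == net.version and addr in net for net in allowed)


def serve(listener, handle, allowed=ALLOWED, max_conns=None):
    """Accept connections and pass only allow-listed peers to handle()."""
    served = 0
    while max_conns is None or served < max_conns:
        # The three-way handshake is already finished when accept() returns.
        conn, peer = listener.accept()
        with conn:
            if is_allowed(peer[0], allowed):
                handle(conn)
            # Other peers are closed without any request bytes being read.
        served += 1


if __name__ == "__main__":
    # Loopback is not on the constructed list, so local test clients are dropped.
    with socket.create_server(("127.0.0.1", 8080)) as srv:
        serve(srv, lambda c: c.sendall(b"HTTP/1.0 204 No Content\r\n\r\n"))
```
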
["Followup-To:" header set to comp.security.firewalls and comp.security.misc.]

begin quotation from ship in message posted at 2006-05-19T01:56

Such a protocol is a must if one doesn't want something trivial like a packet sniffer to reveal one's secret authentication info.

It's actually a completely different protocol, layered over ssh (secure shell).

What about all the other software? There's a *lot* more than just a database, Web server, and a kernel; there is the rest of the operating system as well (the "GNU" in "GNU/Linux").

I wouldn't really trust anything which runs as part of Windows boxes, except maybe to set policy for certain programs you don't trust. If you want to enable it in addition to a real, multiple bastion host firewall device, great.

[referring to Microsoft]

Not surprisingly, I disagree, but neither of these two groups I'm setting followups to is really an appropriate forum for this debate.

Nobody ever got "owned" by having too much security.

I know OpenBSD has a "synproxy state" option when used as a firewall/router that pretty much stops SYN floods cold, as well as the ability to normalize packets as desired.

I use the term to mean "computer entrusted to securing a network as its primary reason for existence". I never use it to refer simply to, say, Windows software running on the same single PC that it's trying to protect, and believe that Microsoft is being intentionally deceptive by calling its offering in Windows XP.2 a "firewall".

Shawn K. Quinn