Day: 18/01/2010

Story about Using TCP Port Numbers to Improve Security

Our customer had decided to move their company’s websites from an ISP to their own network to reduce costs. Security was a concern, so they wanted the Web servers shielded by their Cisco firewall to prevent unauthorized access. The firewall was placed on the company’s Internet connection, between the company’s network and the Internet. It examined every incoming packet and used the destination IP address and TCP port number to decide which packets to allow into the company’s network and which to discard.

The firewall was configured to permit packets with a destination IP address of the main Web server and a TCP destination port of 80, because the Web server software listened on port 80, the standard HTTP port. This way, HTTP packets flowed through the firewall and reached the Web server. However, the company also wanted to ensure that FTP packets, telnet packets, or any other packets that could be used to make changes to the Web server were not permitted to reach it from outside the company’s network. The firewall was therefore configured to discard any packet addressed to the Web server on a port other than 80. If a hacker tried to attack the Web server from outside the network over one of those services, the firewall would drop the packets before they ever reached the Web server.
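The policy described above (permit TCP port 80 to the Web server, drop everything else addressed to it) can be modelled as a stateless packet filter. The block below is an added example written for this page, not the customer's firewall configuration or Cisco code; the IP addresses are constructed from the RFC 5737 documentation ranges and the IOS-style access-list line in the comment is an illustrative equivalent, not a quote from the customer's device.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import List, Optional

# Constructed sample addresses (RFC 5737 documentation ranges), not the
# customer's real ones.
WEB_SERVER_IP = IPv4Address("203.0.113.10")
OTHER_INTERNAL_IP = IPv4Address("203.0.113.20")
HTTP_PORT = 80


@dataclass(frozen=True)
class Packet:
    """The header fields a stateless packet filter looks at."""
    src_ip: str
    dst_ip: str
    protocol: str   # "tcp" or "udp"
    dst_port: int


@dataclass(frozen=True)
class Rule:
    """One access-list entry; None in a field means 'match anything'."""
    action: str                    # "permit" or "deny"
    protocol: str                  # "tcp", "udp" or "any"
    dst_ip: Optional[IPv4Address]  # None matches any destination address
    dst_port: Optional[int]        # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        if self.protocol != "any" and self.protocol != pkt.protocol:
            return False
        if self.dst_ip is not None and IPv4Address(pkt.dst_ip) != self.dst_ip:
            return False
        if self.dst_port is not None and pkt.dst_port != self.dst_port:
            return False
        return True


# The policy from the story as an ordered rule list: permit TCP port 80 to the
# Web server, nothing else.  An IOS-style extended ACL saying the same thing
# would look roughly like (illustrative, not the customer's config):
#     access-list 101 permit tcp any host 203.0.113.10 eq 80
# followed by the implicit "deny ip any any" at the end of every ACL.
INBOUND_RULES: List[Rule] = [
    Rule("permit", "tcp", WEB_SERVER_IP, HTTP_PORT),
]


def filter_packet(pkt: Packet, rules: List[Rule] = INBOUND_RULES) -> str:
    """First matching rule wins; a packet matching no rule is denied."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"  # implicit deny at the end of the list


# Constructed inbound packets from an arbitrary Internet host.
SAMPLE_PACKETS = {
    "http_to_web_server": Packet("198.51.100.7", str(WEB_SERVER_IP), "tcp", 80),
    "ftp_to_web_server": Packet("198.51.100.7", str(WEB_SERVER_IP), "tcp", 21),
    "telnet_to_web_server": Packet("198.51.100.7", str(WEB_SERVER_IP), "tcp", 23),
    "http_to_other_host": Packet("198.51.100.7", str(OTHER_INTERNAL_IP), "tcp", 80),
    "udp_80_to_web_server": Packet("198.51.100.7", str(WEB_SERVER_IP), "udp", 80),
}


def evaluate_samples() -> dict:
    """Run every sample packet through the filter and return name -> decision."""
    return {name: filter_packet(pkt) for name, pkt in SAMPLE_PACKETS.items()}


if __name__ == "__main__":
    for name, decision in evaluate_samples().items():
        print(f"{name:24s} -> {decision}")
```

Only the HTTP packet to the Web server is permitted; FTP, telnet, UDP on port 80, and HTTP to any other internal host all fall through to the implicit deny. The limit of this kind of filtering is visible in what it does not check: the decision is made entirely from header fields, so a request to port 80 that carries a malicious payload is indistinguishable from a normal page request at this layer, and the Web server software itself still needs to be kept patched and hardened.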