EXPERT RESPONSE
I would hesitate to draw a direct parallel between the number of open ports and the overall security risk. I'm more comfortable expressing risk in terms of the number of available services and the range of hosts that those services are exposed to. If all 40 ports are proprietary services used by the backup application, as opposed to Windows file sharing and other more general-purpose ports, the risk of exposing all of them is probably not much greater than the risk of exposing a handful. Exposing a large number of well-known ports, however, could be a substantial risk, depending upon the nature of those ports.
I'm going to assume that you're using a protocol that has a single arbitrary port for each connection negotiated between the client and the server. That's the case for a number of backup systems. If so, you may be able to configure and narrow down the port range to just high-numbered ones, those unused by other services. Once you limit the number of ports, be sure to also tightly control and reduce the IP range of systems that may connect to the server.
It's important to remember that security and convenience often have an inverse relationship. The true art of security is balancing the two and reaching compromises that effectively secure an organization's data while still allowing the company to meet its business objectives.
More information:
A company may claim it has an "application" that allows computers to communicate without opening any ports. Should you believe the hype?
See how open ports can increase LAN exposure.
|
