Required ports to connect to openfire

To improve the security of the Openfire server, I only opened the following ports on the server:
7443/tcp
5223/tcp
and the port related to the Pion TURN/STUN plugin (of course, I also changed its default port)
The port related to the Admin Console (of course, I changed its default port as well)
Server ssh port

Currently, clients who are on the Openfire server can send text messages to each other, make voice calls and send files to each other.

The server where Openfire is installed does not need to connect to other Openfire servers. That is, all users are on the same server.

Do I need to open another port?
Are there any other security enhancements I should set in Openfire?
Please help, friends.

This is not a question that can be answered generically. You could open additional ports to give clients more options for connecting to your server (e.g. to use StartTLS instead of direct TLS for client connections). Only you can answer whether that’s appropriate for your specific setup.

As an aside: changing default ports doesn’t add any security value. There’s enough automation in scanning tools that this is easily detected and circumvented. You then end up with a non-standard setup that at best is more complex to maintain, and at worst incompatible with third-party software that is hard-coded to use defaults.

Thanks for your answer.
Please explain more. Unfortunately, he did not understand.
Please tell me what to do to improve the security of Openfire, that is, both from the point of view of connecting users and from the point of view of the Openfire server.

It’s not that simple. There is no switch that says ‘enable security’. If it was so easy, Openfire would obviously just implement that. Security is always a trade-off: What is ‘secure’ for one person, is ‘unworkable’ for another person. Openfire ships with what I believe are mostly sensible defaults.

To adjust security-related configuration, you will need to develop a thorough understanding of things like your security requirements, feature requirements and the available configuration options for Openfire.

If you do not know what all this means, then I suggest running with the defaults, and only making modifications for very specific things that you identify as not matching your requirements. Do not start making changes ‘for security’ without thoroughly understanding exactly what the effects of those changes are: you’ll only be disappointed by what you perceive as bugs and broken functionality.

Thanks for your answer.
As I told you, I only opened the following ports:
7443/tcp
5223/tcp
and the port related to the Pion TURN/STUN plugin (of course, I also changed its default port)
The port related to the Admin Console (of course, I changed its default port as well)
Server ssh port
In the few days that I tested, the users were in communication with each other without any problem, and they were able to send messages and files and make voice calls.
If you have another suggestion, or another specific port that I should open for better performance of Openfire, please tell me.
In order to maintain server security, I do not want to open unused or unnecessary ports.
Thanks
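
An added example, not part of any post in this thread and not Openfire code: a small audit that compares the TCP listeners reported by `ss -H -tln` with the ports the poster intends to expose, labelling Openfire's default listeners that are still running. Port 22 for SSH and 19443 for the relocated Admin Console are constructed placeholders, the `ss` sample is constructed, and UDP (which TURN/STUN normally uses) is not covered.

```python
# Added example: compare listening TCP sockets with the intended exposure.
# 7443 and 5223 come from the thread; 22 (SSH) and 19443 (relocated Admin
# Console) are constructed placeholders, since the thread does not state them.
INTENDED_TCP = {7443, 5223, 22, 19443}

# Openfire default TCP ports, used only to label findings.
OPENFIRE_DEFAULTS = {
    5222: "client (StartTLS)", 5223: "client (direct TLS)",
    5269: "server-to-server", 7070: "HTTP binding",
    7443: "HTTPS binding", 7777: "file transfer proxy",
    9090: "admin console (HTTP)", 9091: "admin console (HTTPS)",
}

# Constructed sample of `ss -H -tln` output (not taken from a real host).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 50 *:5222 *:*
LISTEN 0 50 *:5223 *:*
LISTEN 0 50 *:5269 *:*
LISTEN 0 50 *:7443 *:*
LISTEN 0 50 *:7777 *:*
LISTEN 0 50 *:19443 *:*
LISTEN 0 4096 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 128 [::1]:631 [::]:*
"""

def is_loopback(addr):
    addr = addr.strip("[]")
    return addr == "::1" or addr.startswith(("127.", "::ffff:127."))

def audit(ss_output, intended=INTENDED_TCP):
    """Return sorted (port, label) pairs for non-loopback listeners
    that are not in the intended set."""
    findings = {}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")  # local address:port column
        if not port.isdigit() or is_loopback(addr):
            continue
        port = int(port)
        if port not in intended:
            findings[port] = OPENFIRE_DEFAULTS.get(port, "unknown service")
    return sorted(findings.items())

if __name__ == "__main__":
    for port, label in audit(SAMPLE_SS):
        print(f"{port}/tcp listening but not intended: {label}")
```

Each finding is a listener that relies entirely on the host firewall to stay unreachable; whether to leave it running or disable it in Openfire depends on the feature requirements discussed above.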