How would changing the ports make them more secure?
In the admin console, set the unsecured port to 0, rather than 9090. It will not be used the next time Openfire is started. Or you could use a firewall to block it.
Hmm, this doesn’t seem to work. If I set it to 0 then it won’t let me save and says I need a valid port number. Blocking the port seems easiest.
That strategy usually gives a false sense of security - A port scan can identify open ports on a system pretty quickly, so even if you move services to non-standard ports they are easy to find.
Admin console should be restricted to an internal LAN or management network. No reason to have it open to the Internet.
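A defender-side check for the advice above, as an added example that is not part of the original thread: it parses `ss -H -ltn` output and reports whether the admin console ports are bound to all interfaces, to loopback, or to a management network. Port 9091 (assumed here to be the TLS admin console port), the 10.0.5.0/24 management range and the sample output are assumptions constructed for illustration.

```python
import ipaddress

# 9090 is the port named in the thread; 9091 is an assumption (TLS admin console).
ADMIN_PORTS = {9090, 9091}

# Constructed sample of `ss -H -ltn` output (State Recv-Q Send-Q Local Peer).
SAMPLE_SS = """\
LISTEN 0 50  *:9090          *:*
LISTEN 0 50  127.0.0.1:9091  0.0.0.0:*
LISTEN 0 128 0.0.0.0:22      0.0.0.0:*
LISTEN 0 50  [::]:5222       [::]:*
LISTEN 0 50  10.0.5.12:9091  0.0.0.0:*
"""

def split_local(field):
    """Split 'host:port', handling '*', bracketed IPv6 and '%iface' scopes."""
    host, _, port = field.rpartition(":")
    host = host.strip("[]").split("%")[0]
    return host, int(port)

def classify(host, mgmt_net):
    """Describe how widely a listener bound to `host` is reachable."""
    if host in ("*", "0.0.0.0", "::"):
        return "exposed-all-interfaces"
    addr = ipaddress.ip_address(host)
    if addr.is_loopback:
        return "loopback-only"
    if addr in mgmt_net:
        return "management-network"
    return "exposed-other-address"

def audit(ss_output, mgmt_cidr="10.0.5.0/24"):
    """Return (host, port, verdict) for every listening admin console port."""
    mgmt_net = ipaddress.ip_network(mgmt_cidr)  # hypothetical management range
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # skip blank or non-listener lines
        host, port = split_local(fields[3])
        if port in ADMIN_PORTS:
            findings.append((host, port, classify(host, mgmt_net)))
    return findings

if __name__ == "__main__":
    for host, port, verdict in audit(SAMPLE_SS):
        print(f"{host}:{port} -> {verdict}")
```

On a live host, pass the real output of `ss -H -ltn` to `audit()` instead of the sample; any `exposed-all-interfaces` result for an admin port means the bind address or the firewall still needs tightening.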
The Internet Assigned Numbers Authority (IANA) is responsible for the global coordination of the DNS Root, IP addressing, and other Internet protocol resources. This includes the registration of commonly used port numbers for well-known Internet services.
The port numbers are divided into three ranges: the well-known ports, the registered ports, and the dynamic or private ports. The well-known ports are those from 0 through 1023. Examples include:
20 & 21: File Transfer Protocol (FTP)
22: Secure Shell (SSH)
23: Telnet remote login service
25: Simple Mail Transfer Protocol (SMTP)
53: Domain Name System (DNS) service
80: Hypertext Transfer Protocol (HTTP) used in the World Wide Web
110: Post Office Protocol (POP3)
119: Network News Transfer Protocol (NNTP)
143: Internet Message Access Protocol (IMAP)
161: Simple Network Management Protocol (SNMP)
443: HTTP Secure (HTTPS)
The registered ports are those from 1024 through 49151. IANA maintains the official list.[2] The dynamic or private ports are those from 49152 through 65535. One common use is for ephemeral ports.
End Quote:
A good firewall will monitor what is running on those ports and verify the protocol as well. Otherwise you will not be able to open the port and the server will not likely start. You could try getting around this by registering the program etc. On Unix this is easier to do than Windows. If done correctly and if you also tell the firewall to buzz off you can open on a reserved port.