[THIN] Re: Port/box Security

  • From: "Robert K Coffman Jr - Info From Data Corporation" <bcoffman@xxxxxxxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Thu, 20 May 2004 14:38:20 -0400

While I completely agree with you in theory, in practice this has never
caused us a problem.  I've suggested to my clients that it may be a matter
of time before this port gets exploited, to date we've had 0 issues and have
been running this way for years.

Can anyone provide concrete reasons not to expose 1494 to the internet?

PS - Don't jump all over me here, I'm all in favor of exposing as little as
possible to the net...  I just need more ammo to convince those with the
purse strings.

- Bob Coffman

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]On
Behalf Of Chris Lynch
Sent: Thursday, May 20, 2004 12:01 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Port/box Security

Hash: SHA1

The cost of hardware is negligible once someone high up understands
the security implications.  Also, these two services can run on the
same server, and don't require much (PIV with 512MB of RAM would be
sufficient for almost 1000 connections).

And, notice that I said "WI AND SG".  I would never recommend running
just WI, unless it was for internal users only.  Exposing the ICA
port to the Internet is just asking for trouble.  Especially if you
are also wanting Program Neighborhood access (either XML or


This Week's Sponsor - Tarantella Secure Global Desktop
Tarantella Secure Global Desktop Terminal Server Edition
Free Terminal Service Edition software with 2 years maintenance.
Useful Thin Client Computing Links are available at:
For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:

Other related posts: