We wish to allow an external manufacturer to remotely access the copiers that it leases to us, so it can obtain monthly meter readings. The company requires either port 110 or port 25. A free tool revealed that both of these ports are closed. We are an office with a small server. How do I open these ports, and will that have any security repercussions?
This is a common scenario: many organizations lease office equipment, and the companies providing that equipment often need access to the electronic meters for billing purposes. I'm not concerned about the type of information they're requesting.
On the other hand, this request sounds a little fishy from a technical perspective. Port 110 is used by the POP3 protocol for unencrypted access to electronic mail. The port is intended for end-users to connect to a mail server to retrieve messages. I can't imagine any reason that this port would be used in this case.
Port 25 is used by the SMTP protocol to send mail. The use of this port sounds a little more reasonable, but only if the request is that the copier be allowed to connect to your mail server on port 25. Port 25 would be used to send mail from the copier to the company, and there should be no reason you would have to allow inbound access to the copier on it.
The "how" part of your question depends upon your network topology. If the copier and your mail server are on the same network segment, you shouldn't need to change anything. If they're on different network segments, and those segments are separated by a firewall, you'll need to create a firewall rule that allows port 25 connections from the copiers to the mail server. See your firewall documentation for more on exactly how to do this.
- Learn how open ports can increase LAN exposure.
- Another reader asks Mike Chapple, "What is the relationship between open port range and overall security risk?"
Dig deeper on Email Security Guidelines, Encryption and Appliances
Related Q&A from Mike Chapple, Enterprise Compliance
Social media compliance is not typically considered a big issue for companies, but expert Mike Chapple explains why it should be.continue reading
Metadata tagging is not just for security. Expert Mike Chapple explains how tagging tools can be used to achieve PCI DSS compliance.continue reading
Before using the HIPAA-compliant cloud services from Google, there are some things companies need to know, according to expert Mike Chapple.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.