I am developing j2me app. I need to receive sms on specific port. Which is the best port to define for receiving sms?
Thanks for advice
The SMS spec (JSR 120) says you can't have a port that another app is using at that time, and also you can't have any of the ports that are specified in the following table.
For security reasons, Java applications are not allowed to send SMS messages to the port numbers listed in Table A-4. Implementations MUST throw a SecurityException in the
MessageConnection.send() method if an application tries to send a message to any of these port numbers.
Table A-4: Port Numbers Restricted to SMS Messages
Port number Description
2805 WAP WTA secure connection-less session service
2923 WAP WTA secure session service
2948 WAP Push connectionless session service (client side)
2949 WAP Push secure connectionless session service (client side)
5502 Service Card reader
5503 Internet access configuration reader
5508 Dynamic Menu Control Protocol
5511 Message Access Protocol
5512 Simple Email Notification
9200 WAP connectionless session service
9201 WAP session service
9202 WAP secure connectionless session service
9203 WAP secure session service
9207 WAP vCal Secure
49996 SyncML OTA configuration
49999 WAP OTA configuration
Oddly, I can't see any restriction on any other values of the port number. I'm sure this must be set out somewhere but I can't find it in the spec.
However, I strongly suggest restricting yourself to port numbers between 1 and 65535.
Generally 5001 port is use for such operation. you can see very good example here.
Related
I am developing an IoT device that uses TI's tm4c129encpdt microcontroller, cc3100 wifi chip and TI RTOS, and I am using TLS for secure communication with the server (HTTPS).
I just want to make my device more secure by adding some authentication methods. I am already assigning tokens to the device through a server.
Is there any standard way to add authentication method to an IoT device based on which I can assure to my clients that it has secured communication and authentication method?
Thanka and Regards
Akhilesh Gangwar
Use the 2-way authentication using TLS.
when working with service bus relay how's the security done?. Both transport and message level? If we use SAS key based sb endpoint does it mean it is https by default? At Message level I believe we have to do the regular encryption and decryption.
It uses either TCP, HTTP, or HTTPS depending on what you select. If you set it up so it uses client authorization, it will block you from using HTTP.
A client computer ClientA (with IE) belonging to DomainA, domain controller DCA.
A server computer ServerB (with IIS) belonging to DomainB, domain controller DCB.
Which are the minimum required default ports between machines from the two domains I need to open to allow a user in Client A, to login into a kerberos protected Web Application hosted in IIS on ServerB with its DomainA credentials?
At a minimum ClientA to ServerB TCP 80 :)
When the ClientA makes a request to ServerB:80 it receives a NEGOTIATE Authorize Header. Then ClientA does a SPN request to DCA on port 88. Then I don't know if DCA need to contact DCB or if it is required for DCA and DCB to have been established some kind of configuration (one-way trust?) between them and which ports need to be opened for that.
I guess ClientA doesn't need to contact DCB in any case.
Let's imagine ClientA have received the required service token from DCA. Then it sends its own credentials to ServerB. In order to decrypt the token and figure out if I am who I am, ServerB needs to contact DCB? Or ServerB needs to contact DCA? I guess not.
Be aware that in principle I don't have the requirement to be able to list DomainA users from the ServerB machine. I could manually add users in web.config Authorization section.
It seems to me that the ports listed here https://support.microsoft.com/en-us/kb/179442
is too much for my scenario.
EDIT:
After reading several info on the subject, it seems ClientA computer need to have TCP 88 (Kerberos) connectivity to DCB. And between DomainA and DomainB a one-way trust should be established previously so a TDO object exists in the two domains, so DCA would be able to generate referals tickets for DCB to consume. It seems there is no need for direct connectivity between DCA and DCB except the one needed to have the TDO objects synchronized.
I'm using Brokered Messaging (Topics/Subscriptions) in Azure Service Bus and I'm curious how (or whether) the communication is secured using SSL.
I'm sending and receiving messages using the connection string:
var connectionString = CloudConfigurationManager.GetSetting("Microsoft.ServiceBus.ConnectionString");
var Client = TopicClient.CreateFromConnectionString(connectionString, "TestTopic");
Client.Send(new BrokeredMessage());
Is that message secure when it is sent?
Yes and no. The communication to and from your client to the Azure server is encrypted if using TLS (SSL). Once that communication is complete and the data is passed along to the server process, it's no longer secure (it's behind the Azure firewall, etc. etc. but no longer encrypted).
Brokered messaging does not have a message-level security option like relayed messaging (WCF option) so only transport-layer security is used--which means it's only protected while in that transport layer.
Yes, they are using SSL by default. It might depend on your connectionstring, but I tested (and verified with Fiddler) with the following connection string and can say it is transport level encrypted:
Endpoint=sb://myns.servicebus.windows.net;SharedSecretIssuer=owner;SharedSecretValue=mykey
cheers
I'm developing a client-server app, the client is an iPhone device that communicants with my c# server. The client and server use a textual protocol that i have designed to exchange messages over TCP sockets. Can someone please give me some guidelines how to add basic security to this app?
At this moment the only security element i have is client authentication with log in username and password. But for example anybody can see and read the messages sent between client and server without any problem...
In the mobile environment the user of the application has more control over the device than you do as a developer. There is no way to hide a secret password or key. You must account for a malicious client, so be careful about the functionality that you expose.
Sending the username and password in plain text is a violation of OWASP a9. You should consider using SSL/TLS or HTTPS.
Have you looked at openssl? SSL are cryptographic protocols that provide secure communication. SSL will prevent others from listen on the stream between your client and server.
One thing more you should do is to validate all server input, to prevent executing malicious code on your server. For example if you have a database where you store user input you should take a look at SQL injection.