About malicious ports

weiqiang_wang · ‎2024-02-29

Thank you Chetan_MN,

You answered my question (https://community.qlik.com/t5/Deployment-Management/concerns-about-some-of-the-port-numbers/m-p/2421...)

I would like to continue to ask additional questions based on this.
My client is a government department and they have very high requirements for cyber security. They want to know if there is any suspicion of malicious ports among all the network ports used by Qlik Sense, such as 4444, some backdoor and Trojan horse software opens and uses TCP port 4444 to listen in, communicate, forward malicious traffic from the outside, and send malicious payloads. Some malicious software that has used this port includes Prosiak, Swift Remote, and CrackDown.

Are you able to confirm that the port numbers listed in this document(Ports | Qlik Sense for administrators Help) are not malicious ports.

if my customer does not agree to use some suspected ports, is it possible to change these port numbers through some configuration?

Thanks!

Levi_Turner · ‎2024-02-29

No, it is not possible to change Qlik Sense from using port 4444.

Ports are not malicious. Ports are used for traffic and these ports may also be used by malicious applications. Qlik's usage of port 4444 is not more or less malicious than Qlik's usage of port 443. Port 443 is for HTTPS traffic which is the primary vessel by which malware / trojans / malicious software is downloaded to computers (the malicious actor downloads a malicious package from a remote server using HTTPS to encrypt the traffic to ensure that basic internet firewalls / monitoring does not detect it).

Client Managed

General Question

Governance

Security