Default ports should be avoided  #2

@akondasif

Greetings,

We are security researchers and we are looking for insecure coding patterns and configurations in the microservice architecture repositories. In your repository, we have found instances of default port and HTTP without TLS usage.

According to a recent report, default port usages must be avoided: https://www.bleepingcomputer.com/news/security/most-cyber-attacks-focus-on-just-three-tcp-ports/#:~:text=According%20to%20the%20report%2C%20the,(Hypertext%20Transfer%20Protocol%20Secure).

Source: https://github.com/lbroudoux/cheese-quizz/blob/master/kafka-docker-compose.yml

Fix: #1

I am interested to know if you agree with the findings. Any feedback is appreciated.

Further details on default ports:

Data storage,  MySQL 3306,          ref: https://dev.mysql.com/doc/mysql-port-reference/en/mysql-ports-reference-tables.html
Data storage,  Postgres 5432,       ref: https://www.postgresql.org/docs/8.3/app-postgres.html
Data storage,  MongoDB 27017,       ref: https://docs.mongodb.com/manual/reference/default-mongodb-port/
Data transfer, RabbitMQ 5672,       ref: https://www.rabbitmq.com/networking.html
Data transfer, Kafka 9092,          ref: https://kafka.apache.org/07/documentation.html
Data transfer, HTTP 80, HTTPS 443,  ref: https://geekflare.com/default-port-numbers/
Data storage,  Zookeeper 2181,      ref: https://zookeeper.apache.org/doc/r3.1.2/zookeeperStarted.html
Monitoring,    Zipkin 9411,         ref: https://zipkin.io/pages/extensions_choices
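A small checker that reproduces the kind of finding reported above, added here as an illustration and not code from the issue reporter or from the cheese-quizz project. It scans a docker-compose file line by line (block-style YAML only, so no YAML library is needed), flags every published host port that appears in the default-port table from this issue, and flags service settings whose value carries a plaintext scheme (`http://`, or Kafka's `PLAINTEXT://` listener protocol). The compose snippet inside it is constructed for the example and is not the project's `kafka-docker-compose.yml`.

```python
import re

# Default ports from the issue's table (port -> product)
DEFAULT_PORTS = {
    3306: "MySQL", 5432: "Postgres", 27017: "MongoDB", 5672: "RabbitMQ",
    9092: "Kafka", 80: "HTTP", 443: "HTTPS", 2181: "Zookeeper", 9411: "Zipkin",
}

# "key: value" line, capturing the indentation so we know which service we are in
KEY_RE = re.compile(r'^(\s*)([A-Za-z0-9_.-]+):\s*(.*?)\s*$')
# ports list item: "- 9092", "- 9092:9092", "- 127.0.0.1:9092:9092", optional /tcp or /udp
PORT_ITEM_RE = re.compile(
    r'^\s*-\s*["\']?(?:\d+\.\d+\.\d+\.\d+:)?(?:(\d+):)?(\d+)(?:/(?:tcp|udp))?["\']?\s*$')
# unencrypted transport schemes: plain HTTP, and Kafka's PLAINTEXT listener protocol
PLAINTEXT_RE = re.compile(r'\b(http|plaintext)://', re.IGNORECASE)

# Constructed sample compose file (not the project's real file)
SAMPLE_COMPOSE = """\
version: '3'
services:
  zookeeper:
    image: example/zookeeper
    ports:
      - "2181:2181"
  kafka:
    image: example/kafka
    ports:
      - "9092:9092"
    environment:
      KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
      KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://kafka:9092
  quizz-api:
    image: example/api
    ports:
      - "8080:8080"
    environment:
      KAFKA_BOOTSTRAP: http://kafka:9092
"""


def scan_compose(compose_text):
    """Return published default ports and plaintext endpoint settings per service.

    Assumes block-style YAML: services are keys indented by 2 under a
    top-level 'services:' key, service properties are indented by 4, and
    'ports:' uses the list form. Inline lists and 'KEY=value' environment
    entries are not parsed.
    """
    default_ports, plaintext = [], []
    service, in_ports = None, False
    for line in compose_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = KEY_RE.match(line)
        if m:
            indent, key, value = len(m.group(1)), m.group(2), m.group(3)
            if indent == 2:            # a service definition
                service, in_ports = key, False
            elif indent == 4:          # a property of the current service
                in_ports = key == "ports"
            if service and PLAINTEXT_RE.search(value):
                plaintext.append((service, key, value))
            continue
        m = PORT_ITEM_RE.match(line)
        if m and in_ports and service:
            # host port if given, otherwise the container port being published
            port = int(m.group(1) or m.group(2))
            if port in DEFAULT_PORTS:
                default_ports.append((service, port, DEFAULT_PORTS[port]))
    return {"default_ports": default_ports, "plaintext": plaintext}


def report(compose_text):
    """Human-readable finding lines, one per issue, in scan order."""
    result = scan_compose(compose_text)
    lines = [f"[default-port] {svc}: publishes {port} ({product} default)"
             for svc, port, product in result["default_ports"]]
    lines += [f"[no-tls] {svc}: {key}={value}"
              for svc, key, value in result["plaintext"]]
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_COMPOSE):
        print(line)
```

Run against a real compose file with `scan_compose(open("docker-compose.yml").read())`; the `8080` mapping in the sample is deliberately not reported, because the check is about well-known defaults, not about publishing ports as such.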
