I run an intranet and a staging server on non-standard ports (8000 and 8080). This works great for our internal purposes, but every now and then a student will want to show a work-in-progress to an external organization. And every now and then, that organization lives behind one of those Stalinist corporate firewalls that blocks everything but port 80, which means they can’t access the content, which means the student comes to me baffled, I explain the situation, and no one understands what I’m talking about. Somehow it always comes off as if I’m the one blocking the traffic. Ports are hard to explain to non-tech people. If I ask them to ask their sysadmins to back off a bit and open up traffic on these ports, I always get the same “we don’t do that for security reasons.” Well, duh.
Does it really make security sense for organizations to blindly block everything but port 80? The internet runs on ports. It’s all about ports. There’s got to be a more sensible way to accomplish your security goals than to slam the door in the face of other services. Are they being paranoid or am I expecting too much?