Results 1 to 2 of 2

Thread: ADP Payroll - Security through obscurity?

  1. #1
    Senior Member
    Join Date
    Apr 2002
    Posts
    711

    ADP Payroll - Security through obscurity?

    More interesting questions from the FW-Wiz mailing list...

    ADP Payroll


    I'm looking for people with experience using a particular ADP
    payroll software package. This software runs under MS Windows and
    connects to ADP's servers over the Internet. ADP support has been
    unable to provide the information necessary to do a risk analysis.
    These are the only details I've been able to gather after almost
    two weeks and over a dozen calls:

    1) ADP asks clients to open their firewall ports 80, 443, 6847,
    6848, 6849, and 5282, bi-directionally.

    The client computer, normally a Windows PC, becomes a server when
    ADP's payroll software is installed and will accept connections from
    any IP addresses.

    [...]
    The post goes on and, in-general (and IMO) makes ADP look pretty, ummm... not sure "stupid" is quite the right word, but...
    \"Windows has detected that a gnat has farted in the general vicinity. You must reboot for changes to take affect. Reboot now?\"

  2. #2
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    i've seen software like this before and in setting up the firewall for it, only connections from a particular ip address and port range are accepted.
    one port is configured out, one in and one bi-directional

    i don't think adp is that stupid, but i could be wrong. and no admin in his right mind would allow any ip to connect to these (upper) ports, knowing what they're used for.

    i don't know, this just dosn't sound right to me.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •