Is it possible for security purposes to restrict access to X11 TCP ports (6001 - 6003) which are used by BOXI? Is there a security risk by having these ports open by them accepting connections from anywhere?

Document ID : KB000021298
Last Modified Date : 14/02/2018
Show Technical Document Details

Question:

Is it possible for security purposes to restrict access to X11 TCP ports (6001 - 6003) which are used by BOXI? Is there a security risk by having these ports open by them accepting connections from anywhere?

Answer:

The X11 TCP ports (6001 - 6003) are not in use by Spectrum Report Manager but are used by BOXI (Business Objects).

BOXI is a 3rd party utility produced by SAP and they have provided the details below:

Xvfb is used by the Crystal Reports portion of the product on UNIX for registry interaction and report rendering. It does not permit external connections into the machine.

If Crystal Reports functionality is not required and Crystal Reports related processes are disabled and shut down, Xvfb is not brought online at all.

This has been the nature of the product since the early days of Crystal Reports on UNIX.