Security Basics mailing list archives
Re: Roger's last comment on changing Port defaults
From: cc <cc () belfordhk com>
Date: Fri, 21 Jan 2005 11:46:54 +0800
Roger A. Grimes sighed and wrote::
Offline, the mail to me has been 75% in support (including many enterprise security officers telling me they have been using the idea for years), 25% think I'm an idiot. I'm not sure which way I'm leaning.
Using non-standard ports is definitely a good way of protecting oneself from the mishmash of aliens out there in the 'Net. That said, it depends on application or rather, the situation.
Imagine a house who's outside walls were nothing but doors-after-doors, wall-to-wall, corner to corner. Most fake, and only one real one. On a normal house, thief tries front or back door (or breaks window) to enter house (or uses some other vector). He still has to try a key, pick it, or bust down the correct door when he finds it. My plan makes it more
Not quite a good analogy in this case. A thief would normally recon the area and determine the suitable target. Say, he selects your house. Seeing that many doors, he wouldn't know which one to break or open. But like I mentioned, he would do a reconnaissance. Check out who goes in and comes out and from which door. Then he'd concentrate his efforts on that particular door. As for non-standard ports, it is one step towards security but not by that much.
Current thread:
- Roger's last comment on changing Port defaults Roger A. Grimes (Jan 20)
- Re: Roger's last comment on changing Port defaults cc (Jan 24)
- RE: Roger's last comment on changing Port defaults David Gillett (Jan 24)
- Re: Roger's last comment on changing Port defaults yonesy (Jan 24)
- Re: Roger's last comment on changing Port defaults cc (Jan 24)