Security Basics mailing list archives

Re: server security


From: "Rob" <synja () synfulvisions com>
Date: Fri, 22 Jun 2012 23:17:52 +0000

Although we all know of anecdotal tales where a non-standard port was used, or another minor change prevented some sort 
of mass issue, the fact remains that an automated attack such as that still requires an exploitable service. Changing 
the port in no way (except for permissions on *NIX) realistically affects the *ability* to compromise. It's a matter of 
weighing the needs of your specific environment and situation. Every situation is different.

In most cases if the port assignment is the only thing that would have prevented a compromise, you've already been 
compromised by your own mistakes. Security can't just be about keeping people out; it has to include mitigation for 
when somebody gets in.

Although let's be honest, we've all had that boss/executive who decided they know better than we do and been forced to 
implement crap.

Rob

-----Original Message-----
From: Dave Kleiman <dave () davekleiman com>
Sender: listbounce () securityfocus com
Date: Fri, 22 Jun 2012 17:51:54 
To: security-basics () securityfocus com<security-basics () securityfocus com>
Subject: RE: server security

Tracy,

You would have to admit little layers of security, such as running non-standard ports, can protect you as in the 
Slammer worm.  I am not saying that is the best or recommended solution to a problem, but it can work.


Respectfully,

Dave Kleiman - http://www.ComputerForensicsLLC.com - http://www.DaveKleiman.com

4371 Northlake Blvd #314
Palm Beach Gardens, FL 33410
561.310.8801 


-----Original Message-----
From: Tracy Reed [mailto:treed () ultraviolet org] 
Sent: Friday, June 22, 2012 18:31
To: Tracy Reed
Cc: Dave Kleiman; security-basics () securityfocus com
Subject: Re: server security

On Fri, Jun 22, 2012 at 02:54:22PM PDT, Tracy Reed spake thusly:
> Many "little layers of security" just aren't worth it.

Clarification: Some "little layers of security" just aren't worth it. 

Multiple layers of security certainly are.

-- 
Tracy Reed
