RE: non-default ports (Was: Remote Desktop vs VPN on Windows 2003)

From: Alexander Klimov (alserkli_at_inbox.ru)
Date: 01/19/05

    Date: Wed, 19 Jan 2005 12:03:38 +0200 (IST)
    To: Joe Dumass <joe_dumass@hotmail.com>
    
    

    The best thing you can do is to install secure software and not
    use default ports unless absolutely necessary (e.g., domain, smtp,
    ...). Of course, a non-default port would not protect you from an
    adversary who wants to attack your network, but it helps to distinguish
    such adversaries from viruses/worms. This way it protects you
    (log-reader) from a "DoS attack on a log-reader". For example, when I
    used the default ssh port I had on average a login attempt (automated
    user/password bruteforcing) each second; now I have failed passwords
    only from legitimate users (who failed to set up an ssh client
    properly). Note that since we do not use password authentication
    there is no hope somebody can find a password; still, my logs are
    significantly reduced since I started to use a non-default port.

    On Tue, 18 Jan 2005, Joe Dumass wrote:
    > I think that the problem with arbitrarily assigning services to non-standard
    > ports is that it disrupts the flow of communication. Is it somewhat more
    > secure against worms, etc? Maybe... but the protocol definition exists to
    > define how to standardize communication for a reason. If our partners go
    > out and redefine https to non-standard ports, we would have to open new
    > rules in our firewalls to allow communication to them, resulting in a less
    > secure environment than simply allowing out-bound 443, and more of an
    > administrative burden of trying to remember what outbound 8888, 4422, 1192,
    > 65213, etc are.

    Why do you think that limiting outbound ports makes YOUR environment
    any safer as long as you open at least one port? Note that most
    spyware uses http (probably through a proxy) anyway. By closing outbound
    ports you can protect others from worms running on your computers, but
    worms usually do not use non-default ports anyway.

    -- 
    Regards,
    ASK
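
Added example, not part of the original message: a small triage pass over sshd log lines that separates scanner-style password guessing from a legitimate user's failed logins, which is the log-reading burden the message describes. The log lines are constructed, and the function name and thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in OpenSSH sshd syslog format (documentation IPs).
SAMPLE_LOG = """\
Jan 19 12:00:01 gw sshd[2101]: Failed password for invalid user admin from 192.0.2.10 port 40112 ssh2
Jan 19 12:00:02 gw sshd[2103]: Failed password for root from 192.0.2.10 port 40113 ssh2
Jan 19 12:00:03 gw sshd[2105]: Failed password for invalid user test from 192.0.2.10 port 40120 ssh2
Jan 19 12:00:04 gw sshd[2107]: Failed password for invalid user guest from 192.0.2.10 port 40125 ssh2
Jan 19 12:07:40 gw sshd[2190]: Failed password for alice from 198.51.100.7 port 51514 ssh2
Jan 19 12:08:15 gw sshd[2194]: Failed password for alice from 198.51.100.7 port 51520 ssh2
Jan 19 12:08:31 gw sshd[2196]: Accepted publickey for alice from 198.51.100.7 port 51533 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+")

def triage(log_text, min_users=3, max_gap_s=5.0):
    """Group failed logins by source IP and flag sources that look automated
    (assumed heuristic: several usernames tried seconds apart)."""
    by_ip = defaultdict(lambda: {"users": set(), "times": [], "invalid": 0})
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # skip accepted logins and unrelated messages
        rec = by_ip[m["ip"]]
        rec["users"].add(m["user"])
        rec["invalid"] += bool(m["invalid"])
        # syslog has no year; a fixed one is assumed, only differences matter
        rec["times"].append(
            datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S"))
    report = {}
    for ip, rec in by_ip.items():
        times = sorted(rec["times"])
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean_gap = sum(gaps) / len(gaps) if gaps else None
        automated = (len(rec["users"]) >= min_users
                     and mean_gap is not None and mean_gap <= max_gap_s)
        report[ip] = {"attempts": len(times), "users": len(rec["users"]),
                      "invalid_users": rec["invalid"], "mean_gap_s": mean_gap,
                      "verdict": "automated" if automated else "review"}
    return report

if __name__ == "__main__":
    for ip, row in triage(SAMPLE_LOG).items():
        print(ip, row)
```

Sources marked "review" are the short list a person reads; on a port that scanners do not probe, that list is most of the log.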
    
