 DanielPremium,MVM
join:2000-06-26
San Francisco, CA
2 edits | reply to EGeezer
Re: Security and Obscurity: Changing Daemon Ports said by EGeezer:As for raising your security, I'd correct that to say you reduce your exposure. Which in turn does what? 
Exposure is a component of security. So if you added better spices to a dish and I said you improved the dish's taste, you shouldn't correct me by saying that I only added better spices. I did both.
--
dmiessler.com -- grep understanding knowledge |
 EGeezerSummertimePremium
join:2002-08-04
Midwest
kudos:7
 ·Callcentric
2 edits | I didn't write that properly or completely, thanks for pointing that out. I should have followed with a statement that reduced exposure is a valid security measure. I do continue to maintain changing defaults is primarily a reduction in exposure, which is, as you pointed out, a valid component of security implementation. I'm thinking in terms of component nomenclature.
Rambling on now, 
My logs bear out that once these auto-bots scan the standard port and get no response from it, they don't come back to attempt further exploits related to the standard port. At that point I've avoided a "second look" by the autobot or at the minimum, avoided having my IP logged as "interesting" and recorded for further scans on other common service ports.
Thus, we've thwarted a large number of common attempts (Based on the logs I review) at the initial attack stage by simply changing ports. If there would be other more personalized attempts, there would be more hurdles to overcome.
As for being a real issue, my experience in my little circle bears out that autobots are real issues, and reducing exposure is one valid step in dealing with them.
--
Mayors of New York come from nowhere and go nowhere.
Wallace Sayre (apparently, so do governors... ) |
