DanielPremium, MVM (joined 2000-06-26, San Francisco, CA):

> said by Snowy:
> > said by javaMan:
> > Only that I don't agree that doing so adds security in the sense of real protection.
>
> I totally agree that if an FTP server has an exploitable weakness it doesn't matter which port it's listening on. The weakness will exist regardless of port number.

Weaknesses don't exist in a vacuum. They are combined with threats to arrive at risks. They work together. If either the weakness or the threat becomes more serious, the risk increases, and if either the threat or weakness is reduced to zero the risk disappears altogether.

So what we're doing here, using that simple formula, is reducing the threat by reducing our exposure to it. We have a massive, evil attack taking place on port 22. So we sidestep and move to port 34,291. The "threat" to our daemon is now SIGNIFICANTLY reduced since we can clearly document that very few attackers are hitting people on port 39,291.

And since we've reduced the threat it doesn't matter if we haven't reduced our vulnerability; we've still lowered our risk.

-- dmiessler.com -- grep understanding knowledge
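The post's argument rests on being able to "clearly document" how many connection attempts reach the standard port versus the relocated one. The script below is an added example, not code from DanielPremium or anyone else in this thread: it parses firewall log lines, counts inbound TCP SYNs and distinct source addresses per destination port, and multiplies the observed attempt count (the threat estimate) by a per-service weakness weight to produce the risk figure the post describes. The log lines are constructed for the example in a simplified iptables `LOG` style with an assumed `INBOUND` prefix; the port 34291 is the one named in the post, and the weakness weights are illustrative placeholders.

```python
import re
from collections import defaultdict

# Constructed sample log (not a real capture). Format is a trimmed-down
# iptables LOG line; the "INBOUND" tag is an assumed log-prefix.
SAMPLE_LOG = """\
Jun 12 03:14:07 gw kernel: INBOUND IN=eth0 OUT= SRC=203.0.113.10 DST=198.51.100.5 PROTO=TCP SPT=51234 DPT=22 SYN
Jun 12 03:14:09 gw kernel: INBOUND IN=eth0 OUT= SRC=203.0.113.11 DST=198.51.100.5 PROTO=TCP SPT=40001 DPT=22 SYN
Jun 12 03:14:12 gw kernel: INBOUND IN=eth0 OUT= SRC=203.0.113.10 DST=198.51.100.5 PROTO=TCP SPT=51235 DPT=22 SYN
Jun 12 03:14:20 gw kernel: INBOUND IN=eth0 OUT= SRC=198.18.0.7 DST=198.51.100.5 PROTO=TCP SPT=33000 DPT=22 SYN
Jun 12 03:14:31 gw kernel: INBOUND IN=eth0 OUT= SRC=203.0.113.12 DST=198.51.100.5 PROTO=TCP SPT=44444 DPT=22 SYN
Jun 12 03:14:35 gw kernel: INBOUND IN=eth0 OUT= SRC=203.0.113.11 DST=198.51.100.5 PROTO=TCP SPT=40002 DPT=22 SYN
Jun 12 03:15:02 gw kernel: INBOUND IN=eth0 OUT= SRC=203.0.113.10 DST=198.51.100.5 PROTO=UDP SPT=5353 DPT=22
Jun 12 03:16:40 gw kernel: INBOUND IN=eth0 OUT= SRC=192.0.2.50 DST=198.51.100.5 PROTO=TCP SPT=52000 DPT=34291 SYN
Jun 12 03:17:01 gw kernel: INBOUND IN=eth0 OUT= SRC=203.0.113.13 DST=198.51.100.5 PROTO=TCP SPT=53000 DPT=80 SYN
"""

# Only TCP lines carry a meaningful connection attempt here; UDP lines
# (and anything without SRC/DPT fields) are skipped by the regex.
LINE_RE = re.compile(r"SRC=(?P<src>\S+) .*?PROTO=TCP .*?DPT=(?P<dport>\d+)")


def attempts_by_port(log_text):
    """Return {dport: {"attempts": n, "sources": distinct_src_count}} for TCP lines."""
    counts = defaultdict(int)
    sources = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        port = int(m.group("dport"))
        counts[port] += 1
        sources[port].add(m.group("src"))
    return {p: {"attempts": counts[p], "sources": len(sources[p])} for p in counts}


def risk_score(attempts, weakness):
    """Risk = threat x weakness, with observed attempts as the threat estimate."""
    return attempts * weakness


def exposure_report(log_text, weakness):
    """Combine per-port attempt counts with a per-port weakness weight.

    `weakness` maps dport -> weight (illustrative values; 1.0 means the
    daemon on that port is assumed to have the same exploitable flaw).
    Ports seen in the log but absent from `weakness` get weight 0.0.
    """
    report = {}
    for port, stats in attempts_by_port(log_text).items():
        w = weakness.get(port, 0.0)
        report[port] = dict(stats, weakness=w, risk=risk_score(stats["attempts"], w))
    return report


if __name__ == "__main__":
    # Same daemon, same assumed weakness, on the default port and the relocated one.
    weights = {22: 1.0, 34291: 1.0}
    for port, row in sorted(exposure_report(SAMPLE_LOG, weights).items()):
        print(f"port {port:>5}: attempts={row['attempts']} sources={row['sources']} "
              f"weakness={row['weakness']} risk={row['risk']}")
```

The report only measures the threat side of the post's formula: the weakness weight is an input you supply, not something the log can tell you. Because the counts on the relocated port will climb as soon as a scanner enumerates all 65535 ports, the figure is a snapshot and is worth regenerating on a schedule rather than recorded once.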