[SATLUG] Re: Questions about home server security: non-standard ports

Don Davis dondavis at reglue.org
Fri Feb 15 15:04:20 CST 2013


Yes. It's worth doing. By moving to a non-standard port you'll make
yourself less susceptible to the thousands of script kiddies cluelessly
running whatever scripts they found wherever.

For all this discussion, you might find it worthwhile to set ports 22,
80, 443, 8080, 25 as tar pits.

If you move ssh to port 443, it'll look like https traffic.


You are right. A dedicated cracker may very well figure out what you're
doing quite quickly - but if a dedicated cracker is trying to get at you
- you have much bigger problems to worry about.

Port-knocking may be worthwhile but overkill.

Disabling ssh passwords & using keys only.

One-time passwords may be useful as well:
http://www.freebsd.org/doc/handbook/one-time-passwords.html

The most obvious angles of attack would be wireless - what is he / what
are you using? A 12 year old with a Palm Pilot can crack WEP. WPA is
safer but not flawless.


Also worth mentioning - it seems like he's using Windows, which is very
susceptible to malware - more likely to put him at risk than whatever
you're doing.

How many ports were you opening up?

On 02/15/2013 01:28 PM, Frank Huddleston wrote:
> Greetings,
> 
>   Thanks for the suggestions about security on a home server. I see that
> one thing people do is use non-standard ports.
> I have done that myself, but get the feeling that it's just security
> through obfuscation and does nothing more than put a little hurdle in
> the way of a cracker, and increases complexity. So what do you think: is
> this worthwhile as a security measure?
> 
> Thanks,
> 
> Frank Huddleston
> 

