[SATLUG] Questions about home server security: non-standard ports
brad at shub-internet.org
Fri Feb 15 20:01:12 CST 2013
On Feb 15, 2013, at 1:28 PM, Frank Huddleston <fhuddles at gmail.com> wrote:
> Thanks for the suggestions about security on a home server. I see that one thing people do is use non-standard ports.
> I have done that myself, but get the feeling that it's just security through obfuscation and does nothing more than put a little hurdle in the way of a cracker, and increases complexity. So what do you think: is this worthwhile as a security measure?
It is "security through obscurity", and if that were the only measure you were taking, then it definitely wouldn't be enough. If you do that after doing all the other important stuff, then it probably won't hurt. But there is a point at which I believe that additional obscurity doesn't really help anymore. And I would put port knocking in that category.
Changing ports won't stop anyone using more intelligent tools like Metasploit, but there are some "skr1pt k1dd13" toolkits out there that are not that intelligent.
Raise the bar a few inches, and that makes it more difficult for the ones who can't deal with anything more complex than a BigWheel tricycle, but you're not going to even slow down the slightly older kids who might like to ride BMX-style bikes and go "curb hopping" for fun.
Brad Knowles <brad at shub-internet.org>
LinkedIn Profile: <http://tinyurl.com/y8kpxu>
More information about the SATLUG