funsec mailing list archives

RE: Sunbelt: Anatomy of a Malicious Host File Hijack


From: "Todd Towles" <toddtowles () brookshires com>
Date: Thu, 12 Jan 2006 15:08:56 -0600

 

This is a method plenty of people use... I've worked at 
several companies that want to run applications/servers but 
are concerned about the visibility... so they run them on 
some random port.  For example (though this example is really 
obscurity and customization), why run FTP on 21 when it's 
designed to be a closed service between trusted clients... 
why not run it on 5467?  Does this enhance security in any 
way? DEFINITELY NOT!!... but it does eliminate 99% of default 
port scans just looking for FTP running on 21.  I wouldn't 
recommend it... but I understand the theory behind it....

I would recommend it, but only as a part of a multiple defense system.
It is true that security thru obscurity (and security thru customization)
can break apps and generally cause problems; those aren't the examples I
am looking for. I wanted more simple examples, like the IE Toolbar move
customization. It is easy for a normal Internet user to notice the change in
the URL location as opposed to knowing that an IFRAME has taken over the
location where the bar would normally be...etc.

Perhaps there aren't too many examples, but I know of a couple
more... Matt Davis gave the example of renaming the guest account to
administrator and logging all access, which would imply you rename the
Administrator account as well. This is security thru customization: you
take the standard and make it non-standard with little or zero
negative effect. But I guess you could call that security thru obscurity
as well... but not really. Comments?

-Todd 

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

