Security Basics mailing list archives

RE: non-default ports (Was: Remote Desktop vs VPN on Windows 2003)


From: Alexander Klimov <alserkli () inbox ru>
Date: Wed, 19 Jan 2005 12:03:38 +0200 (IST)

The best thing you should do is to install secure software and not
use default ports unless absolutely necessary (e.g., domain, smtp,
...). Of course, a non-default port would not protect you from an
adversary who wants to attack your network, but it helps to distinguish
such adversaries from viruses/worms. This way it protects you
(the log-reader) from a "DoS attack on a log-reader". For example, when I
used the default ssh port I had on average a login attempt (automated
user/password bruteforcing) each second; now I have failed passwords
only from legitimate users (who failed to set up an ssh client
properly). Note that since we do not use password authentication
there is no hope somebody can find a password, still my logs are
significantly reduced since I started to use a non-default port.

On Tue, 18 Jan 2005, Joe Dumass wrote:
I think that the problem with arbitrarily assigning services to non-standard
ports is that it disrupts the flow of communication.  Is it somewhat more
secure against worms, etc.?  Maybe... but the protocol definition exists to
define how to standardize communication for a reason.  If our partners go
out and redefine https to non-standard ports, we would have to open new
rules in our firewalls to allow communication to them, resulting in a less
secure environment than simply allowing out-bound 443, and more of an
administrative burden of trying to remember what outbound 8888, 4422, 1192,
65213, etc. are.

Why do you think that limiting outbound ports makes YOUR environment
any safer as long as you open at least one port? Note that most
spyware uses http (probably through a proxy) anyway. By closing outbound
ports you can protect others from worms running on your computers, but
worms usually do not use non-default ports anyway.

-- 
Regards,
ASK
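The distinction Alexander draws, automated bruteforcing at roughly one attempt per second versus the occasional failure from a legitimate user with a misconfigured client, can be read straight out of the sshd log. The following is an added example, not part of the thread: it parses constructed OpenSSH "Failed password" lines (documentation-range addresses, a hypothetical host name) and labels each source by whether its failures arrive in a burst.

```python
import re
from collections import defaultdict

# Constructed sshd auth-log sample (documentation-range IPs, hypothetical host name).
SAMPLE_LOG = """\
Jan 19 11:58:01 host sshd[4012]: Failed password for invalid user admin from 198.51.100.7 port 51022 ssh2
Jan 19 11:58:02 host sshd[4013]: Failed password for root from 198.51.100.7 port 51023 ssh2
Jan 19 11:58:03 host sshd[4014]: Failed password for invalid user test from 198.51.100.7 port 51024 ssh2
Jan 19 11:58:04 host sshd[4015]: Failed password for invalid user oracle from 198.51.100.7 port 51025 ssh2
Jan 19 12:01:40 host sshd[4020]: Failed password for alice from 192.0.2.10 port 40111 ssh2
Jan 19 12:03:05 host sshd[4021]: Accepted publickey for alice from 192.0.2.10 port 40112 ssh2
"""

# Matches the classic OpenSSH "Failed password" line; the time is captured as HH:MM:SS.
FAILED_RE = re.compile(
    r"^\w{3} +\d+ (\d\d):(\d\d):(\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)


def parse_failures(log_text):
    """Yield (seconds_since_midnight, user, source_ip) for each failed password attempt."""
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            h, mi, s, user, src = m.groups()
            yield int(h) * 3600 + int(mi) * 60 + int(s), user, src


def classify_sources(log_text, window=10, threshold=3):
    """Label a source 'automated' if it produced >= threshold failures within any
    `window` seconds (the attempt-per-second pattern of a bruteforcer), otherwise
    'manual' (an isolated failure, e.g. a legitimate user whose client is misconfigured)."""
    times = defaultdict(list)
    for t, _user, src in parse_failures(log_text):
        times[src].append(t)
    verdict = {}
    for src, ts in times.items():
        ts.sort()
        verdict[src] = "manual"
        # Sliding window: compare each attempt with the one (threshold - 1) attempts earlier.
        for i in range(threshold - 1, len(ts)):
            if ts[i] - ts[i - threshold + 1] <= window:
                verdict[src] = "automated"
                break
    return verdict


if __name__ == "__main__":
    for src, label in classify_sources(SAMPLE_LOG).items():
        print(f"{src}: {label}")
```

Moving sshd to a non-default port mostly removes the "automated" class from the log; what remains is the "manual" class worth a human's attention.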

