Security Basics mailing list archives

RE: server security


From: Dave Kleiman <dave () davekleiman com>
Date: Fri, 22 Jun 2012 17:47:45 -0500

Tracy,

Not my servers, I usually see things post-incident on others' systems.

As with anything you have to weigh the options, certainly not every option fits every need or configuration.  I have 
seen servers not hardened, sometimes not even patched just because they were behind a firewall and they thought that 
would protect them.


Respectfully,

Dave Kleiman - http://www.ComputerForensicsLLC.com - http://www.DaveKleiman.com





-----Original Message-----
From: Tracy Reed [mailto:treed () ultraviolet org] 
Sent: Friday, June 22, 2012 17:54
To: Dave Kleiman
Cc: security-basics () securityfocus com
Subject: Re: server security

On Fri, Jun 22, 2012 at 02:30:01PM PDT, Dave Kleiman spake thusly:
> I know I have seen a plethora of 3389 automated scans and upon
> successful connection, attempted password attacks, what would happen
> if I changed to some other port?

Why isn't there a firewall restricting who can connect to your db server?

Why aren't you requiring something better than just password auth?

You change the default port but you don't implement these far more effective controls? 

> Sometimes security through obscurity does work.  I am certainly not
> suggesting it would protect you from an Advanced Persistent Threat,
> but every little layer of security affords a little protection, deterrence, or delay.

It sets a bad precedent and doesn't scale when you have to worry about changing the default ports on a bunch of 
database servers and apps. Many "little layers of security" just aren't worth it.

--
Tracy Reed
