Well thats a bit of an iffy one. I'd say it IS a security measure, albeit one that is solely effective if and only if compounded with other measures.
It's unlikely, but you never know, you just might miss out on a nasty worm all because you werent running on a default port one day. On Thu, Jun 21, 2012 at 8:52 AM, Rob <[email protected]> wrote: > We need to make a distinction between security and obscurity here. The only > time changing ports actually hardens a service in any way is when the port > requires elevated rights to bind, changing to 1025 for example removes the > root requirement. Any actual or theoretical vulnerabilities still exist. If > somebody is looking at your server, they'll find the port without much > trouble. Alternate ports can remove junk traffic from logs, so there is a > benefit, if not entirely a security one. > > Rob > > > Sent on the Sprint® Now Network from my BlackBerry® > > -----Original Message----- > From: Alex Dolan <[email protected]> > Sender: [email protected] > Date: Thu, 21 Jun 2012 07:44:57 > To: Littlefield, Tyler<[email protected]> > Cc: <[email protected]> > Subject: Re: server security > > One tip I have is to set SSH to a port other than 22, I don't need to > tell anyone how devastating it is if someone did actually get access > to that service. Putting it on some other port reduces your risk > > On Thu, Jun 21, 2012 at 1:27 AM, Littlefield, Tyler <[email protected]> > wrote: >> Hello: >> I have a couple questions. First, I'll explain what I did: >> I set up iptables and removed all unwanted services. Iptables blocks >> everything, then only opens what it wants. I also use the addrtype module to >> limit broadcast and unspec addresses, etc. I also do some malformed packet >> work where I just drop everything that looks malformed (mainly by the >> flags). >> 2) I secured ssh: blocked root logins, set it up so only users in the >> sshusers group can connect, and set it only to allow ppk. >> 3) I installed aid. >> 4) disabled malformed packets and forwarding/etc in sysctl. >> This is a basic web server that runs email, web and a couple other things. >> It's only running on a linode512, so I don't have the ability to set up a >> ton of stuff; I also think that would make things more of a mess. What else >> would be recommended? >> Also, I'm looking to add something to the web server; sometimes I notice >> that there are a lot of requests from people scanning for common urls like >> wordpress/phpbb3/etc, what kind of preventative measures exist for this? >> >> >> -- >> Take care, >> Ty >> http://tds-solutions.net >> The aspen project: a barebones light-weight mud engine: >> http://code.google.com/p/aspenmud >> He that will not reason is a bigot; he that cannot reason is a fool; he that >> dares not reason is a slave. >> >> >> ------------------------------------------------------------------------ >> Securing Apache Web Server with thawte Digital Certificate >> In this guide we examine the importance of Apache-SSL and who needs an SSL >> certificate. We look at how SSL works, how it benefits your company and how >> your customers can tell if a site is secure. You will find out how to test, >> purchase, install and use a thawte Digital Certificate on your Apache web >> server. Throughout, best practices for set-up are highlighted to help you >> ensure efficient ongoing management of your encryption keys and digital >> certificates. >> >> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 >> ------------------------------------------------------------------------ >> > > ------------------------------------------------------------------------ > Securing Apache Web Server with thawte Digital Certificate > In this guide we examine the importance of Apache-SSL and who needs an SSL > certificate. We look at how SSL works, how it benefits your company and how > your customers can tell if a site is secure. You will find out how to test, > purchase, install and use a thawte Digital Certificate on your Apache web > server. Throughout, best practices for set-up are highlighted to help you > ensure efficient ongoing management of your encryption keys and digital > certificates. > > http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 > ------------------------------------------------------------------------ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
