Security Basics
Re: server security Jun 22 2012 11:17PM
Rob (synja synfulvisions com)
Although we all know of anecdotal tales where a non-standard port was used, or another minor change prevented some sort of mass issue, the fact remains that an automated attack such as that still requires an exploitable service. Changing the port in no way (except for permissions on *NIX) realistically affects the *ability* to compromise. It's a matter of weighing the needs of your specific environment and situation. Every situation is different.

In most cases, if the port assignment is the only thing that would have prevented a compromise, you've already been compromised by your own mistakes. Security can't just be about keeping people out; it has to include mitigation for when somebody gets in.

Although let's be honest, we've all had that boss/executive who decided they know better than we do and been forced to implement crap.

Rob


-----Original Message-----
From: Dave Kleiman <dave (at) davekleiman (dot) com>
Sender: listbounce (at) securityfocus (dot) com
Date: Fri, 22 Jun 2012 17:51:54
To: security-basics (at) securityfocus (dot) com
Subject: RE: server security

Tracy,

You would have to admit little layers of security, such as running non-standard ports, can protect you as in the Slammer worm. I am not saying that is the best or recommended solution to a problem, but it can work.

Respectfully,

Dave Kleiman - http://www.ComputerForensicsLLC.com - http://www.DaveKleiman.com

4371 Northlake Blvd #314

Palm Beach Gardens, FL 33410

561.310.8801

-----Original Message-----
From: Tracy Reed [mailto:treed (at) ultraviolet (dot) org]
Sent: Friday, June 22, 2012 18:31
To: Tracy Reed
Cc: Dave Kleiman; security-basics (at) securityfocus (dot) com
Subject: Re: server security

On Fri, Jun 22, 2012 at 02:54:22PM PDT, Tracy Reed spake thusly:

> Many "little layers of security" just aren't worth it.

Clarification: Some "little layers of security" just aren't worth it.

Multiple layers of security certainly are.

--

Tracy Reed
