Question score: 6

Are there any security benefits to setting the ports on your firewall to non-standard numbers?

For example, using port 15 for the SQL service, or 8443 for https.

dakini
Terry
  • I voted as a duplicate because, even though the service is different, the principles remain the same. – RoraΖ Feb 02 '16 at 14:31

4 Answers

Answer score: 13

If the port is accessible from the outside, it cuts down on the number of random scans: most of the simplest automated scanners will simply check the default port.

However, it can also induce a false sense of security: it doesn't provide any actual protection from anyone using a more sophisticated tool.

So, from a security point of view, it's useless. From an operational point of view, though, it can potentially create fewer logs you'll have to dig through (and maybe make it easier on your authentication component).

Stephane
Answer score: 11

It offers some slight benefits. This is so-called security through obscurity. There are many scanners active on the internet that have a default set of ports that they scan (like 21 (FTP), 22 (SSH), 25 (SMTP), 80 (WWW), 110 (POP3), 443 (SSL), etc.). By using alternative ports you fend off some of those scanners.

I know from experience that if you have an SSH daemon running on a server on the default port of 22, it will be scanned multiple times a day, and once they detect SSH, they will likely try some logins, if not brute-force it.

By using an alternative port, you prevent these kinds of "random" attacks on your server. I use an alternative SSH port on some of my servers and notice a significantly lower number of scans/login attempts from unknown sources.

But if someone is specifically targeting your system and not just doing a quick scan, there is definitely no benefit, as they will undoubtedly scan ports 1:65535 all the way and leave no stone unturned. So it offers no real security; it just hides your services in the shadows where not everyone cares to look for them.

Oldskool
Answer score: 1

It depends on whom you want to protect your services from. This security-through-obscurity attempt will only protect you from attackers who aim for quantity, not for a specific target. If you are targeted by a person who deserves the description "hacker", it won't really help you.

davidb
Answer score: 0

Nope, not at all. An attacker can simply execute the following nmap command to identify the port number.

nmap -sV --script=banner <target>

https://nmap.org/nsedoc/scripts/banner.html

http://securityblog.gr/1624/banner-grabbing-with-nmap/

Michal Koczwara
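The three points the answers above make (a default-port scanner misses a relocated service, a full port sweep finds it anyway, and banner grabbing then identifies the service whatever port it sits on) can be reproduced on one machine. The following is an added example, written for this page; it is not code from any of the answers, and it is not nmap. It starts a few constructed fake services (an SSH-style greeting, an SMTP-style greeting, and an HTTP responder that stays silent until the client speaks) on random high ports of 127.0.0.1, then runs a "quick" scan over an assumed short list of default ports and a full scan that classifies each open port by its banner rather than its number. The port list, the banners and the signature regexes are all assumptions chosen for the example.

```python
import re
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

HOST = "127.0.0.1"  # everything here stays on loopback

# Assumed default-port list of a quick "usual suspects" scanner (a subset chosen
# for this example; real mass scanners carry longer lists).
DEFAULT_PORTS = [21, 22, 25, 80, 110, 443]

# Constructed (greeting, reply) pairs for the fake services. A greeting of None
# means the service waits for the client to speak first (HTTP), so a passive
# banner grab sees nothing and the scanner has to send a probe.
FAKE_SERVICES = {
    "ssh":  (b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3\r\n", None),
    "smtp": (b"220 mail.example.test ESMTP Postfix\r\n", None),
    "http": (None, b"HTTP/1.0 200 OK\r\nServer: nginx/1.24.0\r\nContent-Length: 0\r\n\r\n"),
}

# Assumed signatures: the service is identified by what it says, not by its port.
SIGNATURES = [
    ("ssh",  re.compile(rb"^SSH-\d\.\d-")),
    ("smtp", re.compile(rb"^220[ -].*E?SMTP")),
    ("http", re.compile(rb"^HTTP/\d\.\d \d{3}")),
]


def start_fake_service(greeting, reply):
    """Listen on a random high loopback port; send `greeting` on connect, or
    answer the client's first request with `reply`. Returns the chosen port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((HOST, 0))  # port 0: let the OS pick an ephemeral port
    srv.listen(16)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                conn.settimeout(1.0)
                try:
                    if greeting is not None:
                        conn.sendall(greeting)
                    else:
                        conn.recv(512)      # wait for the client's request
                        conn.sendall(reply)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def start_fake_host():
    """Start every constructed service on a random port. Returns {service: port}."""
    return {name: start_fake_service(*spec) for name, spec in FAKE_SERVICES.items()}


def grab_banner(host, port, timeout=0.3):
    """Return the server's greeting, or None if the port is closed. If the server
    stays silent, send a harmless HTTP request as a probe (nmap -sV does the same
    with a far larger set of probes)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                data = s.recv(512)
            except socket.timeout:
                data = b""
            if not data:
                s.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
                try:
                    data = s.recv(512)
                except (socket.timeout, OSError):
                    data = b""
            return data
    except OSError:
        return None


def identify(banner):
    """Classify a banner by content; 'unknown' if no signature matches."""
    for name, sig in SIGNATURES:
        if sig.search(banner):
            return name
    return "unknown"


def scan(host, ports, workers=128):
    """Connect to every port in `ports`; return {port: service} for the open ones."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        banners = list(pool.map(lambda p: grab_banner(host, p), ports))
    return {p: identify(b) for p, b in zip(ports, banners) if b is not None}


if __name__ == "__main__":
    placed = start_fake_host()
    print("services placed on non-default ports:", placed)
    print("quick scan of default ports only:    ", scan(HOST, DEFAULT_PORTS))
    print("full scan of 1-65535:                ", scan(HOST, range(1, 65536)))
```

Run stand-alone, the quick scan reports none of the relocated services while the full sweep lists each of them under the correct name, which is exactly the split the answers describe: the port number filters out scanners that stop at a default list, and nothing more. Two caveats a practitioner should keep in mind: services that speak first (SSH, SMTP, FTP) are identified without sending anything, while client-speaks-first protocols need a probe, and a TLS service such as https on 8443 shows nothing to a plaintext probe at all, so a real tool sends a TLS ClientHello as one of its probes; and this scanner uses full TCP connects, which are logged by the target, whereas the "random scans" the answers talk about are usually SYN scans that never complete the handshake.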