Thanks for the mail sending help at the last meeting
Matthew Gillen
me at mattgillen.net
Fri Aug 25 10:32:04 EDT 2006
David Kramer wrote:
> Is there any security risk from using the default port and IP address
> for VPN, or should I change it to something more obscure?
Running on non-standard ports doesn't /really/ buy you any additional
security, even though it feels like it does. It might stop some
script-kiddies, but it won't stop (barely even slow down) someone who knows
what they're doing. (and of course eventually the port-scanning of the script
kiddies will get more sophisticated)
It's generally better to have the "this service is exposed! I must watch it!"
feeling, than to have the "this service is hidden, I don't need to worry about
its security issues" attitude when the service isn't hidden very well at all.
If you're really paranoid, you can look into setting up a port-knocking scheme:
http://en.wikipedia.org/wiki/Port_knocking
Matt
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the Discuss
mailing list