Question about visibility
G.W. Haywood
bind at jubileegroup.co.uk
Thu Oct 25 11:26:49 UTC 2018
Hi there,
On Thu, 25 Oct 2018, Grant Taylor wrote:
> On 10/24/2018 06:15 AM, G.W. Haywood via bind-users wrote:
>
>> A server on a non-standard port is often neglected.? Its security may
>> be less well maintained than one that is intentionally public.
>
> Why and how do you make that correlation?
Years of customers (including a major motor vehicle manufacturer) who
said "The guy that set all this up has left." and "We don't know what
happened to the disc.", and "Oh, we'd forgotten about that one." and...
> Are you implying that some people think that because they've taken one
> step (moving the port) they may think that they don't need to take other
> steps (updating)? ...
No, that was not what I meant to imply at all.
> I've always found that moving the port is one of many steps done to
> improve security.
As was mentioned by other earlier in the thread. No argument there, I
do that too - especially for ssh and VPN connections. But you'd likely
have poor results with a nameserver. :)
> The more important steps being stay up to date.
That being the problem. The |guy left|...|forgotten about it| means
that unless the updating is automatic (and still working - unlikely,
even if it was once) then you more or less have a ticking time-bomb.
Mostly off-topic for this list though.
--
73,
Ged.
More information about the bind-users
mailing list