Monday, 7 September 2015

Expert: Adjusting Default Port VNC Or SSH Bad Idea


System administrators or users to change the default port of VNC, SSH or other protocols or services are not sensible and engaged only create a false sense of security. That allows John Matherly, founder of the search engine Shodan. This search engine is designed to find all kinds of systems on the Internet, such as routers, modems, webcams, SCADA systems and other equipment.

Also all kinds of services can be found via Shodan. Matherly decided to investigate how many Virtual Network Computing (VNC) without authentication. Via VNC, it is possible to operate a system remotely. In case there is no authentication is set to have an attacker only the IP address of the system to know to connect to it and access. Matherly discovered 8,000 VNC installations without a password could be used to log on. What struck me was that in about half of these installations, the default port was changed.

Standard VNC running on port 5900, but nearly 4000 system was the port number changed to 5901. "I think a lot of people to change the default port with the idea that if their service is hidden," notes Matherly on. However, this behavior not only plays with VNC installations. Also with SSH, a protocol to remotely control computers, this happens often. Please choose people often slightly different numbers, but according Matherly people are not really good at coming up with random numbers.

In the industrial sector customizing port numbers also occurs. Use as many factories and production Modbus industrial control system. Standard Modbus runs on port 502, but there are also hundreds of installations on the Internet listening on port 503. There are, however, to find all kinds of tools and scanners that these custom port numbers can still be found.According to Matherly is therefore to change the port number, nothing more than a palliative and it only gives a false sense of security.

No comments:

Post a Comment