
Re: should I firewall an open port which isn't used? (was ... Re: Guide(s?) to backup philosophies)



On Sat, Apr 01, 2017 at 01:00:45AM +1300, cbannister@slingshot.co.nz wrote:

[...]

> My understanding is that if there are no services listening on a port then
> it cannot be accessed.
> 
> e.g.
> 
> http://serverfault.com/questions/733633/if-no-service-is-listening-on-a-port-can-a-system-still-be-accessed-using-that-p
> 
> Am I missing something?

As Dominik said: it's "defense in depth". If your PHP^H^H^H web application
has some code injection issue, your adversary might well install a C&C
server listening on that port, and work from there on (exfiltrate data,
try some privilege escalation, whatever).

Now there might be other avenues for that, but security is about closing
the avenue your adversary is going to use next ;-)

regards
-- tomás
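
The defense-in-depth point made in the message above, as an added illustration that is not part of the original message or thread: an nftables ruleset with a default-drop inbound policy, so a port nothing listens on today stays unreachable from outside even if a listener later appears on it. The allowed ports (22, 80, 443) are assumptions for a typical web server.

```nftables
#!/usr/sbin/nft -f
# Added example. Assumption: SSH (22) and HTTP/HTTPS (80, 443) are the
# only services this host is meant to offer.
flush ruleset

table inet filter {
    chain input {
        # Default drop: any port not explicitly allowed below is filtered,
        # whether or not something is listening on it.
        type filter hook input priority 0; policy drop;

        iif "lo" accept
        ct state established,related accept
        ct state invalid drop

        # ICMP and ICMPv6 are needed for path MTU discovery and
        # IPv6 neighbour discovery.
        ip protocol icmp accept
        meta l4proto ipv6-icmp accept

        # The intended services (assumed).
        tcp dport { 22, 80, 443 } accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        # Outbound traffic is left open here, so this ruleset only closes
        # the inbound-listener avenue the message describes.
        type filter hook output priority 0; policy accept;
    }
}
```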