Re: should I firewall an open port which isn't used? (was ... Re: Guide(s?) to backup philosophies)
On Fri 31 Mar 2017 at 14:18:04 +0200, tomas@tuxteam.de wrote:
> On Sat, Apr 01, 2017 at 01:00:45AM +1300, cbannister@slingshot.co.nz wrote:
>
> [...]
>
> > My understanding is that if there are no services listening on a port then
> > it cannot be accessed.
> >
> > e.g.
> >
> > http://serverfault.com/questions/733633/if-no-service-is-listening-on-a-port-can-a-system-still-be-accessed-using-that-p
> >
> > Am I missing something?
I rather thought cbannister had the correct idea: nothing listening;
therefore no access.
> As Dominik said: it's "defense in depth". If your PHP^H^H^H web application
> has some code injection issue, your adversary might well install a C&C
> server listening on that port, and work from there on (exfiltrate data,
> try some privilege escalation, whatever).
>
> Now there might be other avenues for that, but security is about closing
> the avenue your adversary is going to use next ;-)
If someone unauthorised is on your machine can they not just as well
remove firewall rules?
--
Brian.