When you move FTP to a non-standard port, you will reduce the incoming attempts at low hanging fruit. With any risk assessment there is the factor of cost vs. FTP is unencrypted, and, while that is not applicable to your question, it is very risky to use an unencrypted connection for anything except on-site LAN access.Īlso consider using a VPN, which gives you secure remote LAN access. It is highly recommended that you stop using FTP and switch to SFTP (SSH) to protect your credentials from getting out. You do not need to allow access from any other IP address. For example, it is likely that there are only certain buildings in the world that you would use to access the FTP server. The best thing to do with an FTP service is to limit the IP addresses that can access it. Changing the Default Port is a simple thing you can do if you are not confident about the security as-is.Probably not so much against a targeted attack. This is often considered Security Through Obscurity and is frowned upon due to its limited effect, but you cannot deny that it does improve your security to some degree, especially against robot vulnerability scanners. So now you know the two most common attacks, to answer your question specifically, yes, a non-default port number will reduce the likelihood of such an attack, especially in regards to those robots which are scanning the internet for vulnerabilities. If the FTP server is poorly configured, for example having a default username/password, or a weak password on a neglected (or privileged) account, then a brute force attack may easily be able to get through. On the other hand, if the server is out of date then you risk robots that scan for well-known vulnerabilities that otherwise would have been fixed. If your FTP server is always kept up to date, then usually that means there are not going to be any known exploits against that application.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |