10 crazy IT security tricks that actually work

IT security threats are constantly evolving. It's time for IT security pros to get ingenious

By Roger A. Grimes, InfoWorld |  Security

Critics of this method of defense say it's easy for a hacker to find where the default port has been moved, and
this is true. All it takes is a port scanner, like Nmap, or an application
fingerprinter, like Nikto, to identify the app running on the nondefault
port. In reality, most attacks are automated using malware, which, as stated, only goes for default ports, and most
hackers don't bother to look for nondefault ports. They find too much low-hanging fruit on default ports to be
bothered with the extra effort.

Years ago, as an experiment, I moved my RDP port from 3889 to 50471 and offered a reward to the first person to
find the new port. Two people discovered the port right away, which was no surprise; because I told them what I
did, it's easy to discover the right spot. What blew me away is that tens of thousands of hacker wannabes, scanning
my system for the new port using Nmap, didn't realize that Nmap, if left to its own defaults, doesn't look on
nondefault ports. It proved that by doing a simple port move you significantly reduce your risk.

Innovative security technique No. 5: Installing to custom directories

Another security-by-obscurity defense is to install applications to nondefault directories.

This one doesn't work as well as it used to, given that most attacks happen at the application file level today,
but it still has value. Like the previous security-by-obscurity recommendations, installing applications to custom
directories reduces risk -- automated malware almost never looks anywhere but the default directories. If malware
is able to exploit your system or application, it will try to manipulate the system or application by looking for
default directories. Install your OS or application to a nonstandard directory and you screw up its coding.

On many of my honeypots, I install the OS to nondefault folders -- say, in C:/Win7 instead of C:/Windows. I
usually create the "fake" folders that mimic the real ones, had I installed the software and taken the defaults.
When my computers get attacked, it's easy to find complete and isolated copies of the malware hanging out in the
C:/Windows/System32 folder.
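One way to turn the decoy-folder idea above into an alert is to baseline the fake tree and report anything that later appears or changes in it. This is an added example, not code from the article or its author; the function names `snapshot`, `diff_decoy` and `demo` are hypothetical, and a temporary directory with constructed files stands in for the decoy C:/Windows folder.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                with open(full, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                digest = "unreadable"  # locked or vanished; still report it
            manifest[os.path.relpath(full, root)] = digest
    return manifest

def diff_decoy(baseline, current):
    """Return files added, changed, or removed since the baseline."""
    added = sorted(p for p in current if p not in baseline)
    changed = sorted(p for p in current
                     if p in baseline and current[p] != baseline[p])
    removed = sorted(p for p in baseline if p not in current)
    return {"added": added, "changed": changed, "removed": removed}

def demo():
    """Constructed scenario: a temp dir stands in for the decoy folder."""
    with tempfile.TemporaryDirectory() as decoy:
        sys32 = os.path.join(decoy, "System32")
        os.makedirs(sys32)
        with open(os.path.join(sys32, "placeholder.dll"), "wb") as fh:
            fh.write(b"decoy file planted by the defender")
        baseline = snapshot(decoy)
        # Simulate something writing into the decoy tree (constructed sample).
        with open(os.path.join(sys32, "dropped.exe"), "wb") as fh:
            fh.write(b"constructed sample bytes")
        with open(os.path.join(sys32, "placeholder.dll"), "ab") as fh:
            fh.write(b" tampered")
        return diff_decoy(baseline, snapshot(decoy))

if __name__ == "__main__":
    for kind, paths in demo().items():
        for p in paths:
            print(f"{kind}: {p}")
```

Because nothing legitimate is installed in the decoy tree, every entry in the diff is worth collecting for analysis.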

Changing default folders doesn't have as much bang for the buck as the other techniques mentioned here, but it
fools a ton of malware, and that means reduced risk.


Originally published on InfoWorld.