Hi there,
On Thu, 25 Oct 2018, Grant Taylor wrote:
On 10/24/2018 06:15 AM, G.W. Haywood via bind-users wrote:
A server on a non-standard port is often neglected.? Its security may
be less well maintained than one that is intentionally public.
Why and how do you make that correlation?
Years of customers (including a major motor vehicle manufacturer) who
said "The guy that set all this up has left." and "We don't know what
happened to the disc.", and "Oh, we'd forgotten about that one." and...
Are you implying that some people think that because they've taken one
step (moving the port) they may think that they don't need to take other
steps (updating)? ...
No, that was not what I meant to imply at all.
I've always found that moving the port is one of many steps done to
improve security.
As was mentioned by other earlier in the thread. No argument there, I
do that too - especially for ssh and VPN connections. But you'd likely
have poor results with a nameserver. :)
The more important steps being stay up to date.
That being the problem. The |guy left|...|forgotten about it| means
that unless the updating is automatic (and still working - unlikely,
even if it was once) then you more or less have a ticking time-bomb.
Mostly off-topic for this list though.
--
73,
Ged.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
