Security by obscurity vs standard port
Jan. 2nd, 2022 10:05 pm
When configuring production servers, is it better to use standard ports or non-standard ports ("security by obscurity")?
For SSH, should we use standard port 22 or some unknown port, such as 8756?
For SQL Server, should we use standard port 1433 or non-standard port (e.g. 3433)?
We set up firewalls on our servers.
These firewalls allow access to our servers only from a limited set of IP addresses (our developer machines + IP addresses of tech support of our hosting provider).
The advantage of using a standard port is lower maintenance:
Fewer scripts are required for setting up servers.
No need to change default port in client tools (such as PuTTY and SSMS).
The advantage of using non-standard ports is additional security [by obscurity].
It is trickier for an attacker to find out what port to attack.
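The post's real control is the source-address allowlist, and that works identically whether SSH sits on 22 or 8756 and SQL Server on 1433 or 3433: the port is just a parameter of the rule. The following is an added example, not code from the post or its author, showing a small POSIX shell generator for an nftables ruleset that admits the two services only from allowlisted management addresses, drops everything else inbound, and logs denied attempts against the management ports so that scanning shows up in the logs regardless of which port was chosen. The addresses are constructed RFC 5737 documentation ranges, and the function and set names (gen_ruleset, check_ruleset, mgmt) are this example's own.

```shell
#!/bin/sh
# Added example: emit an nftables ruleset that allows SSH and SQL Server
# only from a management allowlist. Port numbers are plain parameters, so
# a standard or non-standard port needs no other change to the policy.
# Usage: gen_ruleset "<space-separated IPv4 addresses or CIDRs>" <ssh_port> <sql_port>
gen_ruleset() {
    allow="$1"; ssh_port="$2"; sql_port="$3"
    # Turn "a b c" into "a, b, c" for the nft set literal.
    set_elems=$(printf '%s' "$allow" | sed 's/[[:space:]][[:space:]]*/, /g')
    cat <<EOF
table inet filter {
    set mgmt {
        type ipv4_addr
        flags interval
        elements = { $set_elems }
    }
    chain input {
        type filter hook input priority 0; policy drop;
        iif lo accept
        ct state established,related accept
        ct state invalid drop
        # Management services reachable only from the allowlist.
        ip saddr @mgmt tcp dport { $ssh_port, $sql_port } accept
        # Anything else hitting those ports is logged, then dropped by policy:
        # useful to see whether the "obscure" port is being probed anyway.
        tcp dport { $ssh_port, $sql_port } log prefix "mgmt-port-denied: " drop
    }
}
EOF
}

# Syntax-check the generated ruleset without loading it (needs the nft binary).
check_ruleset() {
    if command -v nft >/dev/null 2>&1; then
        gen_ruleset "$@" | nft -c -f -
    else
        echo "nft not installed; skipping syntax check" >&2
    fi
}

# Example run: constructed allowlist (developer subnet + one hosting-support
# address), SSH on the standard port and SQL Server on a non-standard one.
gen_ruleset "203.0.113.10 198.51.100.0/24" 22 3433
```

If a non-standard port is chosen, the only other place it must agree with this ruleset is the service itself (the `Port` directive in `sshd_config`, the TCP port in SQL Server's network configuration) and the client tools mentioned in the post; the allowlist and the logging of denied attempts do the security work either way.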