Safe to use high port numbers? (re: obscuring web services)

Tags: ports, security, server-security

I have a small home network and I'm trying to balance the need for security versus convenience. The safest way to secure internal web servers is to only connect using VPNs, but this seems overkill to protect a DVR's remote web interface (for example).

As a compromise, would it be better to use very large port numbers? (e.g. five digits, up to 65531)

I've read that port scanners typically only scan the first 10,000 ports so using very high port numbers is a bit more secure.

Is this true?

Are there better ways to protect web servers? (ie. web guis for applications)

Best Answer

I've read that port scanners typically only scan the first 10,000 ports so using very high port numbers is a bit more secure.

Many people believe this. I don't.

Maybe it's a bit more secure, but not much. The low numbered ports are more common, so some scanners will look there first.

If I were a cracker, I would scan the high ports first, just to catch people who rely on this method for security. People who rely on security-through-obscurity probably have a poor understanding of security, and are more likely to forget to use other security methods. Therefore, those services might be more vulnerable, and easier to crack.

Some scanners exploit this belief, and start at the top and work their way down the list. Other scans will pick random ports throughout the entire range, so all ports have an equal chance of being scanned.

Go ahead and test this yourself using nmap. Run an nmap scan against ports 1-10,000 and look for an HTTP server, and compare that against a scan which scans all 1-65,xxx ports. You'll see that the difference is typically 3-10 minutes. If I make a detailed scan using something like Nessus, the difference is sometimes 20-60 minutes.

A good cracker is a patient cracker. They will wait.
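The comparison the answer suggests, written out as an added example (this is not the answerer's script, and nothing here is from the original post). It runs the two scans the answer describes, a 1-10000 range and the full 1-65535 range, with service detection on so that an HTTP server hiding on a five-digit port is still reported as http, and picks the open http ports out of nmap's grepable output. The target address, the `RUN_SCAN` guard and the sample `-oG` output used to exercise the parser are all assumptions; the sample is constructed, not captured from a real host. Only scan hosts you own or have permission to test.

```shell
#!/bin/sh
# Added example: time a 1-10000 port scan against a full 1-65535 scan and
# list the HTTP services each one finds. TARGET defaults to an RFC 5737
# documentation address (an assumption, replace it with your own host).
TARGET="${TARGET:-192.0.2.10}"

# Build the nmap command line for one port specification.
#   -Pn  skip host discovery (home routers often drop ping)
#   -sV  probe the service so an HTTP server on an odd port is still named "http"
#   -oG - write grepable output to stdout so it can be parsed below
nmap_cmd() {
    # $1 = port spec, e.g. "1-10000" or "1-65535"
    printf 'nmap -Pn -sV -p %s -oG - %s' "$1" "$TARGET"
}

# Read grepable (-oG) output on stdin and print the port numbers of every
# open port whose detected service name contains "http".
# Grepable port entries look like port/state/proto/owner/service/rpc/version/
http_ports() {
    grep '^Host:' | grep 'Ports:' \
      | sed 's/.*Ports: //; s/Ignored State.*//' \
      | tr ',' '\n' | sed 's/^ *//' \
      | awk -F/ '$2 == "open" && $5 ~ /http/ { print $1 }'
}

# Run one scan, print the http ports it found, and report wall-clock time.
timed_scan() {
    # $1 = port spec
    start=$(date +%s)
    nmap -Pn -sV -p "$1" -oG - "$TARGET" | http_ports
    end=$(date +%s)
    printf 'ports %s: %ss elapsed\n' "$1" "$((end - start))" >&2
}

# Constructed sample of grepable output (not a real scan result): ssh on 22,
# nginx on 80, a closed 8080, and nginx again on the high port 60443.
SAMPLE_OG="$(printf 'Host: 192.0.2.10 ()\tStatus: Up\nHost: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 80/open/tcp//http//nginx/, 8080/closed/tcp//http-proxy///, 60443/open/tcp//ssl|http//nginx/\tIgnored State: closed (9996)\n')"

# Only scan when explicitly asked (RUN_SCAN=1) and nmap is installed;
# otherwise just show what the parser extracts from the sample above.
if [ "${RUN_SCAN:-0}" = "1" ] && command -v nmap >/dev/null 2>&1; then
    for spec in 1-10000 1-65535; do
        echo "== $(nmap_cmd "$spec")"
        timed_scan "$spec"
    done
else
    echo "http ports in sample output:"
    printf '%s\n' "$SAMPLE_OG" | http_ports
fi
```

Run it with `RUN_SCAN=1 TARGET=<your host> sh scan-compare.sh`. In the constructed sample the 1-10000 range would report only port 80; the full range also reports 60443, which is the whole point of the comparison: the high port is found, it just costs the scanner a few more minutes.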
