Securing Your Instances

  • GeorgeCopeland - Thursday, January 19, 2017 7:51 AM

    I always advise my fellow technologists to avoid providing advice in areas where they have no expertise, especially the law.

    Do you have the expertise to provide that advice?

    Gaz

    -- Stop your grinnin' and drop your linen...they're everywhere!!!

  • I would agree that legal speculation isn't valuable unless you are a legal professional with experience here. Even then, the way western law systems work is that despite precedent,  the decision in any particular court case could go either way.

    I doubt that a honeypot would be considered any sort of enticement or entrapment, but I'd get an opinion from corporate legal counsel before setting one up.

  • Steve Jones - SSC Editor - Thursday, January 19, 2017 8:53 AM

    I would agree that legal speculation isn't valuable unless you are a legal professional with experience here. Even then, the way western law systems work is that despite precedent,  the decision in any particular court case could go either way.

    I doubt that a honeypot would be considered any sort of enticement or entrapment, but I'd get an opinion from corporate legal counsel before setting one up.

    Yes, anyone thinking about doing something like this should definitely get sign off from executive management, network operations, and corporate legal counsel.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • By definition, experts know the bounds of their expertise.

  • djackson 22568 - Friday, January 13, 2017 10:08 AM

    I have heard this from our security team, and also seen it from security experts in the industry:

    "Security by obscurity is not security at all."

    Changing a port has less than zero value in preventing unauthorized access.

    Trouble with that phrase is it's so easy to misinterpret.

    For example, whatever encryption I use, if the attacker can see the keys I'm not secure.   So I have to obscure the key, so the attacker can't see it.  Oh dear, that's what we have just said is not security!

    Changing a port has definite positive value: it eliminates all the attackers who don't know how to look for a different port.  That's probably a large proportion of attackers, given how many script kiddies are out there.  In a while, there'll be scripts that search for the port - so what, until that happens the changed port number is providing a significant degree of protection.

    Tom

  • djackson 22568 - Friday, January 13, 2017 2:18 PM

    And I did not mean to imply that it would reduce security.  Just that it doesn't actually benefit security.  While some may disagree, hence probably why Steve is asking for our opinions, that is my view.

    You didn't imply it, you said it plainly and explicitly:

    Changing a port has less than zero value in preventing unauthorized access.

    What else can "less than zero value" mean?

    And it does benefit security, quite clearly:  if 90% of attacks are from script kiddies who haven't a clue, you've improved your chance of survival from an attack by a factor of 10.  Using very complex passwords and a decent firewall and so on may improve your chance of surviving an attack by a factor of 10 million, but it no more reduces the chance of not surviving to 0 than does the simple change of port number. So the port number change might be about 1 millionth as useful as the complex passwords and decent firewall and so on, but unless you claim that the complex passwords, decent firewall etc. are zero value a millionth of that is not zero, and is certainly not "less than zero".

    Tom

  • GeorgeCopeland - Thursday, January 19, 2017 11:50 AM

    By definition, experts know the bounds of their expertise.

    Oh, if only that were true!   Unfortunately there is no legal constraint on calling oneself an expert, and mostly people who claim to be experts are believed whether they are or are not.

    I've had C++ experts who thought the STL had no iterators, T-SQL experts who thought that the content of <whatever> in "exists(select <whatever> from something)" could have a massive effect on performance other than compile time performance, telecoms experts who thought that the Shannon-Hartley law said "bit rate <= 2*bandwidth", and all sorts of experts who hadn't a clue but were prepared to make positive statements (and argue them if challenged) about things concerning which they clearly hadn't a clue.

    Dealing with experts who have no idea where their expertise ceases to be expertise and turns into myth or downright nonsense was one of the banes of my working life.

    Tom

  • The discussion here makes me regret missing the editorial when it was originally published.

    As for myself, I always change the port and will continue to do so.  There's no harm in it and if people can't deal with including a port number, then they shouldn't be using my SQL Server to begin with.  If a port scanner isn't detected by the firewall, then the network administration team doesn't have the system they think they have.  They need to handle their layers of the security architecture.

    Mention was also made of attack software using the SA login.  It's a favorite because it's a well-known login with well-known privs on the server.  In fact, I've seen it used in a live demo of hacking and it was scary how easy it was.  There's a very simple solution to the problem - disable the login and leave it disabled.  No exceptions.  Period.

    I admit that I'm very intrigued at the idea of a honeypot instance.  However, if an attack makes no progress, the attacker is likely to move on to the next network it found.  If it finds something of no value, it's more likely to stick around and try to find something else.  While certainly an intriguing idea, I think I'll opt for the "nothing to see here" approach.
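The two hardening steps the post above recommends (disable sa, change the port) are easy to state and easy to get half-done. The T-SQL below is an added example, not code posted by anyone in this thread: it disables sa, proves the change took, confirms you still have another sysadmin path in before you log off, and reads the instance's actual TCP listeners so a "changed" port that silently stayed at 1433 is caught. It assumes SQL Server 2012 or later (for sys.dm_tcp_listener_states) and a sysadmin connection; the commented-out rename uses a placeholder name.

```sql
-- Added example (not from the thread): disable the sa login, verify it,
-- and check which TCP port(s) the instance is really listening on.
-- Assumes SQL Server 2012+ and a connection that is a member of sysadmin.

-- 1. Disable sa.  The login still exists (it owns system databases),
--    but it can no longer authenticate.
ALTER LOGIN [sa] DISABLE;

-- Optional, beyond what the post suggests: also rename it so the
-- well-known name brute-force tools try first no longer exists.
-- [retired_admin_login] is a placeholder; choose your own name.
-- ALTER LOGIN [sa] WITH NAME = [retired_admin_login];

-- 2. Verify.  The built-in admin login is always SID 0x01, whatever it is
--    called, so check by SID rather than by name.  Expect is_disabled = 1.
SELECT name, is_disabled, sid
FROM sys.sql_logins
WHERE sid = 0x01;

-- 3. Do not lock yourself out: list every other sysadmin member that is
--    still enabled.  If this returns nothing, re-enable sa and fix that first.
SELECT sp.name, sp.type_desc, sp.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals  AS r  ON r.principal_id  = rm.role_principal_id
JOIN sys.server_principals  AS sp ON sp.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
  AND sp.sid <> 0x01
  AND sp.is_disabled = 0;

-- 4. Which TCP ports does this instance actually accept T-SQL on?
--    The port is set in SQL Server Configuration Manager and needs a service
--    restart; if 1433 still appears here, the change has not taken effect.
SELECT listener_id, ip_address, is_ipv4, port, type_desc, state_desc
FROM sys.dm_tcp_listener_states
WHERE type_desc = N'TSQL';
```

Step 2 checks by SID on purpose: once sa has been renamed, a `WHERE name = 'sa'` check returns no rows and reads as "nothing to fix". Step 4 is the server-side half of the port discussion; an attacker's port scan will find the listener regardless, so treat the moved port as a noise filter and the firewall and disabled sa as the actual controls.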

  • TomThomson - Friday, April 28, 2017 10:25 PM

    Unfortunately there is no legal constraint on calling oneself an expert, and mostly people who claim to be experts are believed whether they are or are not.

    Case in point: The Financial Expert commercial.

    Brandie Tarvin, MCITP Database Administrator
    LiveJournal Blog: http://brandietarvin.livejournal.com/
    On LinkedIn!, Google+, and Twitter.
    Freelance Writer: Shadowrun
    Latchkeys: Nevermore, Latchkeys: The Bootleg War, and Latchkeys: Roscoes in the Night are now available on Nook and Kindle.
