Is it real practice to let firewalls react to inbound packets matching a disallow rule in the way an open yet unfiltered port would?
I mean that dropping a packet has the disadvantage of providing the attacker with one piece of information: there is a packet filter between you and the object of your interest.
The ideal state of ports that are out of use may eventually be, from a security point of view, "not existing/not present" instead of closed, because closed means it exists, and everything existing forms some form of attack surface.
from hacking: security in practice https://ift.tt/ZudyKrC
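One way a packet filter can answer disallowed packets the way a host with no filter would answer for a port nobody is listening on, shown as an added example that is not part of the original post. It assumes a Linux host using nftables; the table name and the single allowed service (TCP 22) are constructed for illustration.

```nftables
# Constructed example ruleset (assumption: Linux host, nftables, inet family).
# Load with: nft -f <this file>
table inet edge_filter {
    chain input {
        type filter hook input priority 0; policy drop;

        # Keep replies to our own connections and loopback traffic working.
        ct state established,related accept
        iif "lo" accept

        # The only service deliberately exposed (constructed value).
        tcp dport 22 accept

        # Silent variant the post describes: unanswered probes time out,
        # which a scanner reports as "filtered".
        #   meta l4proto tcp drop
        #   meta l4proto udp drop

        # Answering variant: reply as a TCP/IP stack does when no socket
        # is bound to the port, so the port is reported as "closed".
        meta l4proto tcp reject with tcp reset
        meta l4proto udp reject with icmpx type port-unreachable

        # Anything else (other protocols) falls through to policy drop.
    }
}
```

This matches the type of reply only; whether the reply is indistinguishable from the host's own stack in every other respect is not something the ruleset guarantees.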