Port 443 for HTTPS

[titan]

I was wondering for security purposes if there is any merit in changing the default port number on my ISY? Is there a guide to making the system the most secure it can since it is open to internet access? I'm guessing a strong password should be used of course.

 

Regards,

 

Tom

[brad77]

To me, changing the default port from 443 falls into the "security through obscurity" category. It may help the casual surfer, but it's still pretty easy to scan ports to find servers.

 

In my opinion, always use SSL when connecting from the Internet. That'll keep your communications with your ISY encrypted, even if you're on an open WiFi without a firewall (which is not something I'd recommend).

 

The ISY can generate 1024 bit SSL certs, but the extra overhead to handle the additional encryption will slow things down a bit. If you're using a phone to connect, SSL will affect its performance too.

 

You are on the right track in using a strong password, in my opinion. The rest probably falls into just staying safe on the 'net (be wary of public terminals, don't leave your computer logged in while unattended, password/PIN protect your phone, etc.)

 

I suppose that if you wanted to be really careful, you could set up a VPN. That'll encrypt everything and generally works on most computers and smartphones. You may find that to be a bit overkill, though.

[Goose66]

I definitely recommend changing your ports, at least as far as the outside world sees them. I always set ports up in my firewall anywhere from 20,000 to 64,000 randomly and port forward them to internal IP addresses and ports. Sure the open ports could be discovered by a complete port scan of my firewall. But that would take time and mean that someone was targeting me directly. Hard core hackers scanning ports on the Internet may only scan the first 1024 ports, and most simply scan the 20 or so well-known ports, including 443. If they get no response from the well-known ports, they move on (quickly) to the next IP address.