- Posted on
Thu Dec 17, 2009 10:01 am
-
seanadams
offline
-
- Posts: 489
- Joined: Mar 19, 2008
- Location: Saratoga, CA
Usually the first step in hacking into anything is to run a "port scan" which is trivial to accomplish using any number of tools - in other words, it requires no degree of dedication at all. This instantly tells the attacker what ports are open on a system. Malicious port scans of every IP address on the internet are taking place 24 hours a day, coordinated by distributed networks of virus-infested windows machines (aka botnets).
What they are looking for is primarily two things: 1) out-of-date servers running software with known vulnerabilities and 2) equipment that ships with default passwords, or services which are likely to have weak passwords.
The overwhelming majority of security breaches are found by these types of scans, NOT in the hollywood scenario where someone is committed to breaking into YOUR network in particular.
The point is, there's no sense trying to hide what port numbers you are using because anyone can and will just test that. What is most important is to secure the services that are running on those ports, which means keeping those programs up to date and making sure you are using a sensible username/password. Your friends are hardly a threat - the zillions of zombie PCs out there testing default passwords is what you need to worry about.
If you really want to get serious about it, you need a proper firewall device which you can use (among other things) to control specifically what remote hosts are allowed to access to which of your services. However, I don't think that's worth the trouble if Indigo is the only thing you're exposing to the world - it's not what most hackers would consider low-hanging fruit, although it would be fun to blink someone's lights on and off in the middle of the night.