How secure is Port 2222

[tmuster2k 22]

I get this question from time to time regarding remote clients connecting over the internet. 

Is there anything to worry about with this port open to the internet? Any other verbiage would be good so I can provide details. 

[itman 1,659]

https://www.auditmypc.com/tcp-port-2222.asp

Example of a SSH attack exploiting an open port 2222: https://www.hackingarticles.in/ssh-penetration-testing-port-22/ .

Bottom line - any open port on the WAN side of the network gateway is a risk.

[tmuster2k 22]

any other recommendations? Customer is no VPN so is there any other option for Agent to connect other than what is relayed in >>hxxp://support.eset.com/kb3304/  ??

 

[itman 1,659]

Overall, I see nothing wrong with this:

Quote

 

Network configuration steps

1. Create a NAT rule on your firewall/router that points traffic received on port 2222 TCP to the internal IP address of your ERA server.
    
2. Add a new DNS record on your internal DNS server that points to the ERA server (in the example below, a record would be created pointing avserver.example.com to 192.168.0.123).
    
3. Add a new DNS record via your domain name registrar that will allow clients outside of your internal network to locate the external IP of your ERA server.
    
4. Make sure that all necessary ports are open on servers and client workstations. 

 

I assume there is necessary external access authorization in ERA?

Again, external port 2222 traffic must be strictly routed; to the ERA server in this instance.

Edited March 21, 2019 by itman

[greyjoy99 0]

17 hours ago, tmuster2k said:

I get this question from time to time regarding remote clients connecting over the internet. 

Is there anything to worry about with this port open to the internet? Any other verbiage would be good so I can provide details. 

We have our ESMC server in DMZ. Ports 2222 & 3128 are open but secured enough.

[itman 1,659]

Also in regards to this:

Quote

Create a NAT rule on your firewall/router that points traffic received on port 2222 TCP to the internal IP address of your ERA server.

Note that gateway NAT and firewall rules are separate entities and are processed in a different order depending on whether the Internet traffic is inbound or outbound. Here's a reference to that using pfsense as an example:

https://docs.netgate.com/pfsense/en/latest/book/nat/ordering-of-nat-and-firewall-processing.html