Re: .NET 4.0.30319
But really it does NOT. Security by obscurity et al. If you, for example, provide a Cisco Anyconnect VPN for your clients at IP xxx.xxx.xxx.xxx:port_not_at_default, portscanners all over the world WILL discover your open port.
With a few tools they might discover that you run an IPSec VPN solution straight from your ASA. There ARE holes in the ASA software (up to version xxx, but you did not get to update to just yet, because enterprise), thus a VPN connection can be hacked/initiated/abused with a brute force hack (often). The attacker can connect with VPN (our just hacked account) and can discover other servers in that network. Keep this in mind.
Now, I am a business that exposes (hopefully) a Terminal Server Gateway or an RDP server to the internet. Port 3389. People can brute force accounts to this server (they can’t because of MS’ software).
Both situations provide an open port, which software do we need to hack?
Either way, they are both equally dangerous and updated software/firmware from all vendors prevents this.
I might not make myself popular with my statements, but I trust Microsoft more to mitigate these flaws than I do Cisco (at the ASA level).