[kwlug-disc] Tightening up SSH
adamglauser at gmail.com
Mon Jul 19 10:29:55 EDT 2010
On Mon, Jul 19, 2010 at 10:09 AM, Khalid Baheyeldin<kb at 2bits.com> wrote:
>> The single most effective thing you can do to prevent these types of attacks
>> is run ssh on a non standard port.
On 19/07/2010 10:23 AM, Dave Cramer wrote:
> I disagree. Any security mechanism that relies on obscurity is not
> secure. Just harden it. It's trivial to port scan you anyway.
I used to think that way too Dave. As far as I'm concerned though, it
doesn't hurt add obscurity to an _otherwise_good_ security system. As
Khalid says, it makes it less likely that the random scans from the
wilds of the 'Net will notice your server.
It's like surviving a bear attack: You don't have to out-run the bear,
you just have to out-run the other guy.
More information about the kwlug-disc