[kwlug-disc] Tightening up SSH

Adam Glauser adamglauser at gmail.com
Mon Jul 19 10:29:55 EDT 2010


On Mon, Jul 19, 2010 at 10:09 AM, Khalid Baheyeldin<kb at 2bits.com>  wrote:
>> The single most effective thing you can do to prevent these types of attacks
>> is run ssh on a non standard port.

On 19/07/2010 10:23 AM, Dave Cramer wrote:
> I disagree. Any security mechanism that relies on obscurity is not
> secure. Just harden it.  It's trivial to port scan you anyway.

I used to think that way too Dave.  As far as I'm concerned though, it 
doesn't hurt add obscurity to an _otherwise_good_ security system.  As 
Khalid says, it makes it less likely that the random scans from the 
wilds of the 'Net will notice your server.

It's like surviving a bear attack:  You don't have to out-run the bear, 
you just have to out-run the other guy.




More information about the kwlug-disc mailing list