[kwlug-disc] Tightening up SSH

Raul Suarez rarsa at yahoo.com
Mon Jul 19 10:41:08 EDT 2010

--- On Mon, 7/19/10, Dave Cramer <davec at visibleassets.com> wrote:
> I disagree. Any security mechanism that relies on obscurity
> is not secure. Just harden it.  It's trivial to port scan you
> anyway.

Lets start by agreeing that security by obscurity is false security.

The point for changing the port is not security. As we've indicated any person directly targeting your computer will try different ports.

The point for changing the port is to stop drive-by attacks by people randomly scanning computers for vulnerabilities.

It is equivalent to the steering wheel locks. Any thief that wants to steal your car has the tools to break it. But most of them will just go to the next car.

Raul Suarez

Technology consultant
Software, Hardware and Practices
Twitter: rarsamx
An eclectic collection of random thoughts

More information about the kwlug-disc mailing list