[kwlug-disc] Tightening up SSH
rarsa at yahoo.com
Mon Jul 19 10:41:08 EDT 2010
--- On Mon, 7/19/10, Dave Cramer <davec at visibleassets.com> wrote:
> I disagree. Any security mechanism that relies on obscurity
> is not secure. Just harden it. It's trivial to port scan you
Lets start by agreeing that security by obscurity is false security.
The point for changing the port is not security. As we've indicated any person directly targeting your computer will try different ports.
The point for changing the port is to stop drive-by attacks by people randomly scanning computers for vulnerabilities.
It is equivalent to the steering wheel locks. Any thief that wants to steal your car has the tools to break it. But most of them will just go to the next car.
Software, Hardware and Practices
An eclectic collection of random thoughts
More information about the kwlug-disc