[kwlug-disc] Tightening up SSH

Khalid Baheyeldin kb at 2bits.com
Mon Jul 19 18:59:37 EDT 2010


On Mon, Jul 19, 2010 at 10:31 AM, John Van Ostrand <john at netdirect.ca>wrote:

> ----- Original Message -----
> >
> > I disagree. Any security mechanism that relies on obscurity is not
> > secure. Just harden it. It's trivial to port scan you anyway.
>
> ditto.
>
> # nmap -sS -p 22,122,222,2022,2222 ip.address.or.net
>

Yes, but that is a hypothetical situation, or a targeted attack
(deliberately wanting to penetrate this specific server).

A targeted attack may succeed that way, and honestly, probably no one can
prevent a targeted attack, only delay it.

But for the random scans that happen every hour on the net, the bots scan
for common exploits and that means port 22 for ssh.

Run it on another port and 99% of scans for ssh will go away. You are less
vulnerable (note: less vulnerable != more secure), but also there is less
noise in the logs, less use of disk space, and less resources used by these
attacks.
-- 
Khalid M. Baheyeldin
2bits.com, Inc.
http://2bits.com
Drupal optimization, development, customization and consulting.
Simplicity is prerequisite for reliability. --  Edsger W.Dijkstra
Simplicity is the ultimate sophistication. --   Leonardo da Vinci
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://astoria.ccjclearline.com/pipermail/kwlug-disc_kwlug.org/attachments/20100719/d51aeebe/attachment.html>


More information about the kwlug-disc_kwlug.org mailing list