[kwlug-disc] Tightening up SSH
Raul Suarez
rarsa at yahoo.com
Mon Jul 19 10:41:08 EDT 2010
--- On Mon, 7/19/10, Dave Cramer <davec at visibleassets.com> wrote:
> I disagree. Any security mechanism that relies on obscurity
> is not secure. Just harden it. It's trivial to port scan you
> anyway.
Lets start by agreeing that security by obscurity is false security.
The point for changing the port is not security. As we've indicated any person directly targeting your computer will try different ports.
The point for changing the port is to stop drive-by attacks by people randomly scanning computers for vulnerabilities.
It is equivalent to the steering wheel locks. Any thief that wants to steal your car has the tools to break it. But most of them will just go to the next car.
Raul Suarez
Technology consultant
Software, Hardware and Practices
_________________
Twitter: rarsamx
http://rarsa.blogspot.com/
An eclectic collection of random thoughts
More information about the kwlug-disc
mailing list