On 10/03/2014 04:17 AM, Theodor
Sigurjon Andresson wrote:
I agree with you on two thingsYes, when securing your services you *layer* defenses that could include using STO. But when STO is set up in a wrong way it can lead to a security issue. It isn't good to protect your services to slow down or prevent an attack by opening up a security risk. As in this case changing the port of SSH to 2222 isn't a good way to include STO. It doesn't matter how big the risk is, you just don't want this issue to be there. If you want to include STO in your security measures then you have to do it without opening up a security risk because you might be opening up a security risk that could be dangerous. In my opinion that is the case with SSH to port 2222. Changing the port to an privileged unassigned or unused port is a better way to include STO in your security measures for SSH. That way you don't have the risk of another user listening on your SSH. - changing the default port is not a security measure, it just lowers the noise in the logs and takes you a bit out of the path of automated scripts looking for easy targets. - changing the default port to anything above 1024 creates a greater risk than using one below 1024 On the other hand, even if it's easier to start a rouge daemon impersonating sshd to listen on a higher port, if you have a malevolent user already sniffing on a port - any port - from my point of view you already have bigger issues than the potential risk you mentioned. Incidentally I am a fan of using iptables (recent match) to limit the number of admissible attempts from any given IP to connect to sshd ( yes, I know, it has nothing to do with the initial concern you raised ) |
_______________________________________________ CentOS-docs mailing list CentOS-docs@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos-docs