On 11/28/2017 04:09 AM, Pete Biggs wrote:
- don't run ssh on 22, use a different port. (Things get a lot
quieter when you do that, but it comes with its own problems and don't
get complacent because someone will find the port eventually.)
I consider that pointless security-through-obscurity.
That wasn't meant as a "security" thing - that's why it was under the
heading "For your sanity ...". All these things do is to make it so
that your machine is no longer the low-hanging-fruit!
Pointless? I think not. Using (and locking down, which is implicit in
my post) a non-standard port isn't pointless. I dare say, it's as valid
as using fail2ban or iptables.
Let me ask, since you're against pointless changes, do you also
advertise the SSHd version you're running on your standard port? If
not, isn't that the same thing? Besides, the idea is to /not be low
hanging fruit/, is it not?
The idea is to make the system as secure as possible. Security is
something everyone should take seriously, and sometimes hiding the
padlock is probably a better deterrent than just having it in plain
sight. The harder you make it for someone to attack you, the better off
you will be.
Scoff if you will, I've been at this 20 years, I'd rather OVER secure
than under if the circumstances require it.
--
Mark Haney
Network Engineer at NeoNova
919-460-3330 option 1
mark.haney@xxxxxxxxxxx
www.neonova.net
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos