Re: Need urgent help regarding security

From: Marian Hettwer (MH_at_kernel32.de)
Date: 11/21/05

  • Next message: Peter Jeremy: "Re: Need urgent help regarding security"
    Date: Mon, 21 Nov 2005 09:33:07 +0100
    To: ray@redshift.com
    
    

    Hi there,

    ray@redshift.com wrote:
    >
    > Also, if you have access to the router, it's handy to re-write traffic from a
    > higher public port down to port 22 on the server, since that will trip up anyone
    > doing scans looking for a connect on port 22 across a large number of IP's.
    >
    No. That's security by obscurity and doesn't make your system even a wee
    bit more secure.
    Disable root login via ssh (like already mentioned), enforce public-key
    authentication and maybe even go with OPIE.

    > Anyway, just a couple of ideas I thought might be helpful while on the subject
    > of SSH hardening :-)
    >
    all of them were about hardening, except the security by obscurity
    "put-the-sshd-on-another-port" advice ;)
    don't do that.

    Regards,
    Marian
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"


  • Next message: Peter Jeremy: "Re: Need urgent help regarding security"

    Relevant Pages

    • RE: Re: Concepts: Security and Obscurity
      ... so long as you understand that the server location and port number ... security in the slightest." ... Beale's assertion that "Obscurity Potentially Slows Down the Attacker". ... BDO Kendalls is a national association of separate partnerships and entities. ...
      (Security-Basics)
    • RE: Re: Concepts: Security and Obscurity
      ... BDO Kendalls is a national association of separate partnerships and entities. ... last I heard availability had something to do with security. ... Maybe we can all agree that "port obscurity" is a special case of STO. ...
      (Security-Basics)
    • Re: Re: Concepts: Security and Obscurity
      ... Then you must admit port obscurity is a special case, ... BDO Kendalls is a national association of separate partnerships and entities. ... Subject: Concepts: Security and Obscurity ...
      (Security-Basics)
    • RE: Re: Concepts: Security and Obscurity
      ... This is not obscurity for security - rather a use of a different port ... Subject: Concepts: Security and Obscurity ... Security is based on risk management and ...
      (Security-Basics)
    • Re: Somebody is keep trying to ssh into my systems, how can I stop that?
      ... Closing a port via a fire wall is not "security through obscurity", ... Since the sequence is right out there in the open any attempt it claim it ...
      (comp.os.linux.security)