[CentOS] CentOS VPN server for iPhone

Fri Mar 27 15:20:25 UTC 2009
Bowie Bailey <Bowie_Bailey at BUC.com>

Joseph L. Casale wrote:
> > The non-standard port is a good trick,
> 
> Here's just an opinion: Security by obscurity only
> makes >you< feel good, it does nothing in reality.
> Anyone sufficiently talented to hack a service in
> order to gain root or do something useful would not
> be fooled by that. Set whatever you're doing up right
> so that any false sense of security is not deemed
> necessary.

Changing port numbers will not stop a talented person who is intent on
breaking into your network.  However, it will stop (or at least slow
down) the script-kiddies, worms, and others out there who are just
scanning for misconfigured or unpatched applications.  Switching SSH to
a non-standard port completely emptied my log files of bad connection
attempts.  Now, if someone attempts to break in, it will be VERY obvious
in the logs where before, it would have been buried in all of the other
garbage.

> Prevent weak passwords, possibly use connection throttling
> etc etc.

Of course.  No one is suggesting that changing port numbers is all you
need to do.  It is just one more thing that you can do to slow down the
attackers.

-- 
Bowie
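
Added example, not part of the original message: a small Python summary of failed SSH logins per source address, the kind of log review the reply describes becoming readable once scanner noise is gone. The log lines are constructed samples in the format OpenSSH's sshd writes to /var/log/secure; the function names and the threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in sshd's /var/log/secure format
# (addresses are from the documentation ranges, host name is made up).
SAMPLE_LOG = """\
Mar 27 03:12:01 gw sshd[4101]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar 27 03:12:03 gw sshd[4103]: Failed password for root from 203.0.113.5 port 51240 ssh2
Mar 27 03:12:06 gw sshd[4105]: Failed password for invalid user test from 203.0.113.5 port 51251 ssh2
Mar 27 08:59:40 gw sshd[5200]: Failed password for bowie from 198.51.100.7 port 40000 ssh2
Mar 27 08:59:52 gw sshd[5200]: Accepted password for bowie from 198.51.100.7 port 40000 ssh2
Mar 27 11:30:10 gw sshd[6001]: Failed password for root from 192.0.2.44 port 38822 ssh2
"""

# Matches both "Failed password for root" and "Failed password for invalid user x".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def failed_logins(lines):
    """Map source address -> list of account names it failed to log in as."""
    by_source = defaultdict(list)
    for line in lines:
        m = FAILED.search(line)
        if m:
            user, source = m.groups()
            by_source[source].append(user)
    return dict(by_source)

def noisy_sources(lines, threshold=3):
    """Sources with at least `threshold` failures, busiest first."""
    counts = {src: len(users) for src, users in failed_logins(lines).items()}
    hits = [(src, n) for src, n in counts.items() if n >= threshold]
    return sorted(hits, key=lambda item: (-item[1], item[0]))

if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for source, users in failed_logins(lines).items():
        names = ", ".join(sorted(set(users)))
        print(f"{source}: {len(users)} failed ({names})")
    print("over threshold:", noisy_sources(lines))
```

On a host where background scanning no longer reaches sshd, lowering the threshold to 1 makes every failed login from an unexpected address a line worth reading.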