[CentOS] Failed attempts

Tue Nov 28 16:15:51 UTC 2017
Mark Haney <mark.haney at neonova.net>

On 11/28/2017 04:09 AM, Pete Biggs wrote:
>>>    - don't run ssh on 22, use a different port.  (Things get a lot
>>> quieter when you do that, but it comes with it's own problems and don't
>>> get complacent because someone will find the port eventually.)
>> I consider that pointless security-through-obscurity.
> That wasn't meant as a "security" thing - that's why it was under the
> heading "For your sanity ...". All these things do is to make it so
> that your machine is no longer the low-hanging-fruit!

Pointless?  I think not.  Using (and locking down, which is implicit in 
my post) a non-standard port isn't pointless.  I dare say, it's as valid 
as using fail2ban or iptables.

Let me ask, since you're against pointless changes, do you also 
advertise the SSHd version you're running on your standard port?  If 
not, isn't that the same thing?  Besides, the idea is to /not be low 
hanging fruit/, is it not?

The idea is to make the system as secure as possible.  Security is 
something everyone should take seriously, and sometimes hiding the 
padlock is probably a better deterrent than just having it in plain 
sight.  The harder you make it for someone to attack you, the better off 
you will be.

Scoff if you will, I've been at this 20 years, I'd rather OVER secure 
than under if the circumstances require it.

Mark Haney
Network Engineer at NeoNova
919-460-3330 option 1
mark.haney at neonova.net