[CentOS] Failed attempts

Mark Haney mark.haney at neonova.net
Tue Nov 28 16:15:51 UTC 2017


On 11/28/2017 04:09 AM, Pete Biggs wrote:
> 
>>>
>>>    - don't run ssh on 22, use a different port.  (Things get a lot
>>> quieter when you do that, but it comes with its own problems and don't
>>> get complacent because someone will find the port eventually.)
>>
>> I consider that pointless security-through-obscurity.
> 
> That wasn't meant as a "security" thing - that's why it was under the
> heading "For your sanity ...". All these things do is to make it so
> that your machine is no longer the low-hanging-fruit!
> 

Pointless?  I think not.  Using (and locking down, which is implicit in 
my post) a non-standard port isn't pointless.  I dare say, it's as valid 
as using fail2ban or iptables.

Let me ask, since you're against pointless changes, do you also 
advertise the SSHd version you're running on your standard port?  If 
not, isn't that the same thing?  Besides, the idea is to /not be low 
hanging fruit/, is it not?

The idea is to make the system as secure as possible.  Security is 
something everyone should take seriously, and sometimes hiding the 
padlock is probably a better deterrent than just having it in plain 
sight.  The harder you make it for someone to attack you, the better off 
you will be.

Scoff if you will; I've been at this 20 years, and I'd rather OVER secure 
than under if the circumstances require it.

-- 
Mark Haney
Network Engineer at NeoNova
919-460-3330 option 1
mark.haney at neonova.net
www.neonova.net