Philip Stubbs wrote:
> * Jim Kissel (jlk@???) wrote:
>>
>> Philip Stubbs wrote:
>>> * Sean Gibbins (sean@???) wrote:
>>>> * of course it does not have to be port 22, but rather whatever port
>>>> your ssh server is listening on
>>> I would suggest that you don't use port 22 if you don't have to.
>>> Port 22 will be a target for attack, so by using a different port
>>> you will increase security by obscurity.
>> You should add a smiley, or bracket non-obvious jokes with [humour] to 
>> prevent misunderstanding in e-mails.
> 
> Sorry, that was not meant to be a joke. I know that obscurity is not
> considered a serious security method by lots of people, but I can't
> see that it would hurt to 'keep your head down'. I am no expert, but
> I have noticed that by using a non-standard port, I have eliminated
> any records of failed attempts to gain access to my machine. Now if
> somebody really good did get in, I probably would not see it in the
> logs if they covered their tracks well, but at least all those
> script kiddies are turned away at the door.
> 
> I don't want to start a flame war, so if you are a professional in IT
> working on Linux systems, then a bow to your superior expertise!</humour>
To paraphrase Groklaw IANASITP  (I Am Not A Security IT Professional), 
but have had to cope with being a sometimes SysAdmin since before SysV 
was released and a fair amount of s/w development water flowed under the 
bridge during that time.  It puts a smile on my lips every time I hear 
of "security by obscurity".  I think it was Bruce Schneier who explained it 
in a story about two safes.
If I put 100,000 units of your favourite currency in a safe that can be 
opened with a nail file and 10 minutes' work, and hide the safe somewhere in 
Surrey, I have security through obscurity.  On the other hand, if I put 
the same amount in a second safe and publish the design details of the 
lock, and give you access to the safe and a team of professional 
locksmiths and you still can't open the safe unless you have the key for 
the lock, then I have true security.
no flames intended
> 
> --  
> Philip Stubbs
> http://www.stuphi.co.uk
> 
-- 
Simple effective migration to Open Source based computing
Jim Kissel
Open Source Migrations Limited
w: http://www.osml.eu
e: jim.kissel@???
p: +44(0) 8703 301044
m: +44(0) 7976 411 679