lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.GSO.4.43.0412220238120.24574-100000@tundra.winternet.com>
From: dufresne at winternet.com (Ron DuFresne)
Subject: OpenSSH is a good choice?

On Wed, 22 Dec 2004, Willem Koenings wrote:

> on Tue Dec 21 14:54:44 EST 2004, Ron DuFresne wrote
>
> > the non std port advice is not worth much, security through
> > obscurity kinda thing.
>
> wrong. non standard port helps quite well against automated scans.
> most targets nowadays are searched via automated scans. if you are
> painted red, you get attention. this is first step - stay gray. but if
> you are already set up as a target, this would not help you. this
> helps you NOT getting up as target for someone, who just searching
> some servers for fun - scriptkiddies.
>

I'd disagree in that the tools are getting to be well enough defined that
we are all targets.  Best game is to restrict who has access to the ports
being served whenever possible, openssh has a history that makes this a
good service to limit this way.  Little need to hide what's not openly
allowed to all.

Thanks,

Ron DuFresne
-- 
"Sometimes you get the blues because your baby leaves you. Sometimes you get'em
'cause she comes back." --B.B. King
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.



Powered by blists - more mailing lists