| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <9E97F0997FB84D42B221B9FB203EFA275CBA5B@dc1ms2.msad.brookshires.net> From: toddtowles at brookshires.com (Todd Towles) Subject: OpenSSH is a good choice? I would believe "Security through obscurity" is bad but "Obscurity in Security" is good. As long as it is a step in your layered defense stand, obscurity is ok, but don't relay on it for everything. Which is good advice for everything anyways. Hide your port but take active steps to secure SSH deeper, disable V1, use only strong cipher...make obscurity part of your security plan but not the only step in the plan. > -----Original Message----- > From: full-disclosure-bounces@...ts.netsys.com > [mailto:full-disclosure-bounces@...ts.netsys.com] On Behalf > Of Willem Koenings > Sent: Tuesday, December 21, 2004 4:37 PM > To: full-disclosure@...ts.netsys.com > Subject: Re: [Full-Disclosure] OpenSSH is a good choice? > > on Tue Dec 21 14:54:44 EST 2004, Ron DuFresne wrote > > > the non std port advice is not worth much, security through > obscurity > > kinda thing. > > wrong. non standard port helps quite well against automated scans. > most targets nowadays are searched via automated scans. if > you are painted red, you get attention. this is first step - > stay gray. but if you are already set up as a target, this > would not help you. this helps you NOT getting up as target > for someone, who just searching some servers for fun - scriptkiddies. > > W. > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html >
Powered by blists - more mailing lists