Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: OpenSSH is a good choice?
From: "Todd Towles" <toddtowles () brookshires com>
Date: Wed, 22 Dec 2004 11:17:13 -0600

I would believe "Security through obscurity" is bad but "Obscurity in
Security" is good. As long as it is a step in your layered defense
stand, obscurity is ok, but don't relay on it for everything. Which is
good advice for everything anyways. Hide your port but take active steps
to secure SSH deeper, disable V1, use only strong cipher...make
obscurity part of your security plan but not the only step in the plan. 

-----Original Message-----
From: full-disclosure-bounces () lists netsys com 
[mailto:full-disclosure-bounces () lists netsys com] On Behalf 
Of Willem Koenings
Sent: Tuesday, December 21, 2004 4:37 PM
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] OpenSSH is a good choice?

on Tue Dec 21 14:54:44 EST 2004, Ron DuFresne wrote

the non std port advice is not worth much, security through 
obscurity 
kinda thing.

wrong. non standard port helps quite well against automated scans.
most targets nowadays are searched via automated scans. if 
you are painted red, you get attention. this is first step - 
stay gray. but if you are already set up as a target, this 
would not help you. this helps you NOT getting up as target 
for someone, who just searching some servers for fun - scriptkiddies.

W.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]