[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: Questions concerning Security Log



> -----Original Message-----
> I will agree that for a script kiddy this will work, but for 
> someone who is 
> really trying to get in they will figure this out in a short 
> time and then 
> you are no longer protected.  The best bet is to move to an 
> unknown port.

I would disagree a bit. Denying access after a small number of unsuccessful
logons effectively reduces the bandwidth of anyone attempting a brute force
attack, script kiddie or pro. Changing ports may hide you from script
kiddies but not from a pro.

In addition the need to support users of various skill levels and additional
services that may rely on SSH (SFTP, SVN) and changing ports becomes a
support mess.

Probably the most secure is to use certificates, but this can be a headache
if you have lots of users.

Brian




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]