Security basics

Lamar Owen lowen at pari.edu
Thu Oct 4 12:41:01 UTC 2007


On Wednesday 03 October 2007, Steve Siegfried wrote:
> Changing ports for ssh isn't actually that hot of an idea.  Most port
> scanners can detect ssh implementations since they normally self-identify. 
> For example, if you're running ssh on the normal port (22), try executing:

Changing the port on which ssh listens is an excellent idea.  This way, 
someone trying to find it has to do port-scanning.  This gives my NIDS a 
chance to track the attack (yes, I know about some of the various 'stealth' 
techniques; but I also know about tarpit and ways of making the Cisco IOS 
firewall and the NIDS talk to each other).

This puts one more stumbling block in the way of the attacker; all security 
measures really do is delay things and make them progressively harder; I've 
studied locksmithy for a number of years, even apprenticed for a little 
while, have done my own personal locks and keys, etc., and those techniques of 
delay are fundamental to physical security.  The same techniques can improve 
your systems' security on the Internet; improvement is good.

Note that I don't have a false sense of security; I know that my systems are 
going to be found vulnerable to something, and could probably be hacked if 
someone were persistent enough. But I've dealt with hacks before, and I'll 
deal with them again. Real-world security is realizing how much effort to put 
into it; if a simple port change eliminates 99% of those trying to attack my 
systems (and frees up bandwidth for real use) then it's something I'm going 
to do, and something I'm going to recommend others do, as well.
-- 
Lamar Owen
Chief Information Officer
Pisgah Astronomical Research Institute
1 PARI Drive
Rosman, NC  28772
(828)862-5554
www.pari.edu
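The detection side of the argument above (the port-scan an attacker must run to find a relocated sshd is itself something the NIDS can notice), as an added example that is not part of the original post or the poster's setup: a small Python script that flags any source hitting many distinct destination ports within a short window. The log lines are constructed and use a hypothetical "DENY src -> dst:port" format; a real NIDS or Cisco IOS ACL log would need its own parser.

```python
import re
from collections import defaultdict

# Constructed sample firewall-deny log lines (not from the original post).
# Format is hypothetical: "<epoch> DENY <src_ip> -> <dst_ip>:<dst_port>"
SAMPLE_LOG = """\
1191500000 DENY 198.51.100.7 -> 203.0.113.10:21
1191500001 DENY 198.51.100.7 -> 203.0.113.10:23
1191500002 DENY 198.51.100.7 -> 203.0.113.10:25
1191500003 DENY 198.51.100.7 -> 203.0.113.10:80
1191500004 DENY 198.51.100.7 -> 203.0.113.10:443
1191500005 DENY 198.51.100.7 -> 203.0.113.10:2222
1191500010 DENY 192.0.2.33 -> 203.0.113.10:22
1191500700 DENY 192.0.2.33 -> 203.0.113.10:22
"""

LINE_RE = re.compile(r"^(\d+) DENY (\S+) -> (\S+):(\d+)$")


def parse(log_text):
    """Turn log lines into (timestamp, src, dst, dst_port) tuples; skip junk."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, src, dst, port = m.groups()
            events.append((int(ts), src, dst, int(port)))
    return events


def find_scanners(events, min_ports=5, window=60):
    """Return {src: sorted distinct ports} for every source that touched at
    least `min_ports` distinct destination ports inside some `window`-second
    span.  A host retrying one port (e.g. a legitimate user hitting the old
    port 22) is not a scan and is not flagged."""
    by_src = defaultdict(list)
    for ts, src, _dst, port in events:
        by_src[src].append((ts, port))
    scanners = {}
    for src, hits in by_src.items():
        hits.sort()  # sliding window over time-ordered hits
        for i, (t0, _) in enumerate(hits):
            ports = {p for t, p in hits[i:] if t - t0 <= window}
            if len(ports) >= min_ports:
                scanners[src] = sorted(ports)
                break
    return scanners


if __name__ == "__main__":
    for src, ports in find_scanners(parse(SAMPLE_LOG)).items():
        print(f"possible port scan from {src}: ports {ports}")
```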