Full Disclosure mailing list archives
RE: OpenSSH is a good choice?
From: "Todd Towles" <toddtowles () brookshires com>
Date: Wed, 22 Dec 2004 11:17:13 -0600
I would believe "Security through obscurity" is bad but "Obscurity in Security" is good. As long as it is a step in your layered defense stand, obscurity is ok, but don't relay on it for everything. Which is good advice for everything anyways. Hide your port but take active steps to secure SSH deeper, disable V1, use only strong cipher...make obscurity part of your security plan but not the only step in the plan.
-----Original Message----- From: full-disclosure-bounces () lists netsys com [mailto:full-disclosure-bounces () lists netsys com] On Behalf Of Willem Koenings Sent: Tuesday, December 21, 2004 4:37 PM To: full-disclosure () lists netsys com Subject: Re: [Full-disclosure] OpenSSH is a good choice? on Tue Dec 21 14:54:44 EST 2004, Ron DuFresne wrotethe non std port advice is not worth much, security throughobscuritykinda thing.wrong. non standard port helps quite well against automated scans. most targets nowadays are searched via automated scans. if you are painted red, you get attention. this is first step - stay gray. but if you are already set up as a target, this would not help you. this helps you NOT getting up as target for someone, who just searching some servers for fun - scriptkiddies. W. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: OpenSSH is a good choice?, (continued)
- Re: OpenSSH is a good choice? Willem Koenings (Dec 23)
- Re: OpenSSH is a good choice? Ron DuFresne (Dec 23)
- Re: OpenSSH is a good choice? Ben Hawkes (Dec 24)
- Re: OpenSSH is a good choice? Willem Koenings (Dec 24)
- Re: OpenSSH is a good choice? Ron DuFresne (Dec 25)
- Re: OpenSSH is a good choice? Kevin (Dec 25)
- Re: OpenSSH is a good choice? Ron DuFresne (Dec 27)
- Re: OpenSSH is a good choice? Stian Øvrevåge (Dec 24)
- Re: OpenSSH is a good choice? dk (Dec 24)