Questions concerning Security Log

Robert Spangler bms at zoominternet.net
Sun Apr 10 02:07:04 UTC 2005



On Saturday 09 April 2005 20:13, Brian Gaynor wrote:

>  > -----Original Message-----
>  > I will agree that for a script kiddy this will work, but for someone
>  > who is really trying to get in they will figure this out in a short
>  > time and then you are no longer protected.  The best bet is to move
>  > to an unknown port.
>
>  I would disagree a bit. Denying access after a small number of
> unsuccessful logons effectively reduces the bandwidth of anyone attempting
> a brute force attack, script kiddie or pro. Changing ports may hide you
> from script kiddies but not from a pro.

Not so sure I would agree with this.  If they are hammering you then yes.  But
if they watch their logs then they will see that after X attempts they are no
longer getting a reply, and then they could (at least I would) add time in
between requests.  Sooner or later they will find the right time intervals and
they are back in business again.

Ex: you set 5 attempts/5 minutes.  They change this script to wait 61 sec
between attempts and they are back in business.

>  In addition the need to support users of various skill levels and
> additional services that may rely on SSH (SFTP, SVN) and changing ports
> becomes a support mess.

This could all be configured.

>  Probably the most secure is to use certificates, but this can be a
> headache if you have lots of users.

True


-- 

Regards
Robert

Smile... it increases your face value!
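The disagreement in this thread, seen from the logging side, as an added example that is not part of either poster's message: a short-window failed-login rule such as 5 attempts in 5 minutes only flags fast sources, while a per-source count over a long window still flags guessing that has been slowed down. The log format, addresses, spacing and the 20-per-day threshold are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed, simplified log format: ISO timestamp, then an sshd failure message.
FAILED = re.compile(r"^(\S+) sshd\[\d+\]: Failed password for .* from (\S+) port \d+")

def make_log(start, count, gap_seconds, ip):
    """Build constructed sample lines: `count` failures, `gap_seconds` apart."""
    return [
        f"{(start + timedelta(seconds=i * gap_seconds)).isoformat()} sshd[4242]: "
        f"Failed password for root from {ip} port 50000 ssh2"
        for i in range(count)
    ]

def flagged_sources(lines, limit, window_seconds):
    """Return source IPs with at least `limit` failures inside one sliding window."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    flagged = set()
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        ts, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        q = recent[ip]
        q.append(ts)
        # Drop failures that have aged out of the window ending at `ts`.
        while (ts - q[0]).total_seconds() >= window_seconds:
            q.popleft()
        if len(q) >= limit:
            flagged.add(ip)
    return flagged

START = datetime(2005, 4, 9, 20, 0, 0)
SAMPLE = sorted(
    make_log(START, 6, 2, "192.0.2.10")        # fast source: 6 failures in 10 s
    + make_log(START, 40, 90, "198.51.100.7")  # slow source: 40 failures in about 1 h
)

def compare_rules(lines):
    """Run the short-window rule and a long-window rule over the same lines."""
    short = flagged_sources(lines, limit=5, window_seconds=300)     # 5 in 5 minutes
    daily = flagged_sources(lines, limit=20, window_seconds=86400)  # 20 in 24 hours
    return short, daily

if __name__ == "__main__":
    short, daily = compare_rules(SAMPLE)
    print("5 in 5 min flags:", sorted(short))
    print("20 in 24 h flags:", sorted(daily))
```

Running both rules side by side on the same log is the useful part: each one covers the source the other misses.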



