lowen at pari.edu
Thu Oct 4 12:41:01 UTC 2007
On Wednesday 03 October 2007, Steve Siegfried wrote:
> Changing ports for ssh isn't actually that hot of an idea. Most port
> scanners can detect ssh implementations since they normally self-identify.
> For example, if you're running ssh on the normal port (22), try executing:
Changing the port on which ssh listens is an excellent idea. This way,
someone trying to find it has to do port-scanning. This gives my NIDS a
chance to track the attack (yes, I know about some of the various 'stealth'
techniques; but I also know about tarpits and ways of making the Cisco IOS
firewall and the NIDS talk to each other).
This puts one more stumbling block in the way of the attacker; all security
measures really do is delay things and make them progressively harder; I've
studied locksmithing for a number of years, even apprenticed for a little
while, have done my own personal locks and keys, etc., and those techniques of
delay are fundamental to physical security. The same techniques can improve
your systems' security on the Internet; improvement is good.
Note that I don't have a false sense of security; I know that my systems are
going to be found vulnerable to something, and could probably be hacked if
someone were persistent enough. But I've dealt with hacks before, and I'll
deal with them again. Real-world security is realizing how much effort to put
into it; if a simple port change eliminates 99% of those trying to attack my
systems (and frees up bandwidth for real use) then it's something I'm going
to do, and something I'm going to recommend others do, as well.
Chief Information Officer
Pisgah Astronomical Research Institute
1 PARI Drive
Rosman, NC 28772
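Both sides of this exchange can be shown in a few lines of code. The following is an added example, not code from the thread or from either poster: the first part shows Steve's point, that sshd announces itself with an RFC 4253 identification string on whatever port it listens on, so a scanner that reads the first line from an open port recognises it; the second part shows Lamar's point, that finding a moved sshd forces the attacker to sweep ports, which a NIDS-style rule can flag, while a brute-forcer that only hits port 22 never trips that rule. The banners, connection records, threshold and window values are all constructed for the example.

```python
"""Added example: SSH banner self-identification and a port-sweep detector.

Not from the original mailing-list thread. All sample data is constructed.
"""
import re
from collections import defaultdict

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF".
# The server sends this line first, on any port it is bound to.
BANNER_RE = re.compile(
    r"^SSH-(?P<proto>\d+\.\d+)-(?P<software>\S+)(?: (?P<comments>.*))?$"
)


def ssh_banner_info(first_line: bytes):
    """Parse the first line read from a port.

    Returns (protoversion, softwareversion, comments) for an SSH
    identification string, or None for anything else (empty read, other
    protocols, non-ASCII junk).
    """
    try:
        text = first_line.decode("ascii").rstrip("\r\n")
    except UnicodeDecodeError:
        return None
    m = BANNER_RE.match(text)
    if not m:
        return None
    return m.group("proto"), m.group("software"), m.group("comments") or ""


# Constructed: what a scanner reads from several open ports on one host.
# Port 80 reads as empty because an HTTP server waits for the client to speak.
SAMPLE_BANNERS = {
    22: b"SSH-2.0-OpenSSH_4.3\r\n",
    2222: b"SSH-2.0-OpenSSH_4.3\r\n",  # the same daemon moved to a new port
    25: b"220 mail.example.org ESMTP\r\n",
    80: b"",
}


def find_ssh_ports(banners):
    """Ports whose greeting identifies an SSH server, regardless of number."""
    return sorted(port for port, line in banners.items() if ssh_banner_info(line))


# Constructed connection-attempt records: (unix_time, src_ip, dst_ip, dst_port).
SAMPLE_CONNECTIONS = [
    (1191500000, "203.0.113.5", "198.51.100.10", 22),
    (1191500001, "203.0.113.5", "198.51.100.10", 22),
    (1191500002, "203.0.113.5", "198.51.100.10", 22),  # brute-forcer, :22 only
    (1191500010, "192.0.2.77", "198.51.100.10", 21),
    (1191500010, "192.0.2.77", "198.51.100.10", 22),
    (1191500011, "192.0.2.77", "198.51.100.10", 23),
    (1191500011, "192.0.2.77", "198.51.100.10", 25),
    (1191500012, "192.0.2.77", "198.51.100.10", 80),
    (1191500012, "192.0.2.77", "198.51.100.10", 443),
    (1191500013, "192.0.2.77", "198.51.100.10", 2222),  # sweep finds moved sshd
    (1191500100, "198.51.100.44", "198.51.100.10", 2222),  # admin who knows the port
]

THRESHOLD = 5  # assumed: more than this many distinct ports per (src, dst) ...
WINDOW = 60    # assumed: ... within this many seconds counts as a sweep


def detect_port_scans(conns, threshold=THRESHOLD, window=WINDOW):
    """Return {src_ip: sorted distinct ports} for sources that touched more
    than `threshold` distinct ports on one destination inside any `window`
    second interval. A source hammering a single port is not a sweep and is
    left to other rules (rate limiting, failed-login counters)."""
    by_pair = defaultdict(list)
    for t, src, dst, port in sorted(conns):
        by_pair[(src, dst)].append((t, port))
    flagged = {}
    for (src, _dst), events in by_pair.items():
        for t0, _ in events:  # slide a window starting at each event
            ports = {p for t, p in events if t0 <= t < t0 + window}
            if len(ports) > threshold:
                flagged.setdefault(src, set()).update(ports)
    return {src: sorted(ports) for src, ports in flagged.items()}


if __name__ == "__main__":
    print("ssh found on ports:", find_ssh_ports(SAMPLE_BANNERS))
    print("port sweeps:", detect_port_scans(SAMPLE_CONNECTIONS))
```

The two results together are the whole argument: the moved daemon is still trivially identified once its port is touched, but the touching is what produces the sweep signature, so the port change buys detection rather than concealment.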