Need urgent help regarding security

[dtalk-ml at prairienet.org]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Danny Carroll wrote:

> But sshd can be moved without problem.

It's not a cost-free solution, because there are support consequences. 
Users don't like change.  Fortunately for us, we control their client 
configurations, so it's invisible to them.

>> I just have the strong feeling that moving a daemon to another port 
>> (where it doesn't belong) won't gain any security.

On 22, I used to get many, sometimes many thousands, of brute force 
password attempts per day.  After moving to a higher port, I get zero. 
Mathematics tells me that makes it less likely that one of my user 
accounts will get whacked.  It also raises the signal to noise ratio and 
storage requirements of my logs dramatically.

I'm sure no one here thinks obscurity is a substitute for proper 
configuration of good quality software.  Nevertheless, real world 
experience shows quite clearly that the odds of an expensive compromise 
go down when I'm a little harder to find.  The fact that this does 
nothing to slow down a targeted attack does not diminish the value of 
evading the entire population of drive-by bots.

- -d

- --
David Talkington
dtalk-ml at prairienet.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDgfdQ5FKhdwBLj4sRApC2AKCQNAd1lpHSukrwtolbKtLplhQGrwCgpSuU
xPnXD1Q2UTykKv2pCJHKE9I=
=C79J
-----END PGP SIGNATURE-----