|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Need urgent help regarding security
From: Marian Hettwer (MH
kernel32.de)
Date: Mon Nov 21 2005 - 02:33:07 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi there,
rayredshift.com wrote:
>
> Also, if you have access to the router, it's handy to re-write traffic from a
> higher public port down to port 22 on the server, since that will trip up anyone
> doing scans looking for a connect on port 22 across a large number of IP's.
>
No. That's security by obscurity and doesn't make your system even a wee
bit more secure.
Disable root login via ssh (like already mentioned), enforce public-key
authentication and maybe even go with OPIE.
> Anyway, just a couple of ideas I thought might be helpful while on the subject
> of SSH hardening :-)
>
all of them were about hardening, except the security by obscurity
"put-the-sshd-on-another-port" advice ;)
don't do that.
Regards,
Marian
_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribefreebsd.org"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]