Mailing List Archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tlug] Blocking bad sshd bruteforce attempt



On 12/07/06, GMO Unix Erin D. Hughes <erin-hughes@example.com> wrote:

[Josh Glover sed:]   <<== Erin, don't forget the attribution!

> If you rely solely on security by obscurity, you are a fool. If
> security by obscurity is but one part of a layered defence, then you
> are a wise man. :)

But how many layers do you deem necessary I think 3 is good for me...
1. Strong Passwords
2. SSH2 only & limited users
3. alternate port

Three sounds sufficient to me. Remember, when defending against bots
and scanners, the idea is not necessarily to achieve "ultimate
security" (which can only be achieved by unplugging the network), but
to make yourself more secure than 99% of the other boxes on the 'Net.
Which you almost certainly are, with three layers of countermeasures.

-Josh


Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links