You pointed to SELinux and two-factor authentication as being like your
solution (i.e. disabling root login), but these tools (SELinux/two-factor
auth.) are built to completely mitigate the attack (the attacker is
unable to perform the needed action in any way).

You are (instead of completely mitigating) only raising complexity a
little bit (i.e. not completely avoiding), which is what "security
through obscurity" is about (i.e. by hiding source code, the attacker only
solves a more complex problem - debugging machine code).

One more time: the system can be cracked by a BF attack only if there is a
weak (root) password.

If you disable remote root login (because users are using weak, crackable
passwords), you are saying to the user: "Happily use a simple password,
because you are safe even then!". And because when the admin password could
be simple, the user password will be even simpler (this is
average-user logic), the BF against the system will succeed more
easily (even if the login name will need to be guessed or picked up another
way). So your solution is potentially more dangerous than the current
situation.

If you want to avoid the problem (i.e. avoid a BF break-in), disabling
remote root login is not the right way; this is simply not enough, this
does not solve the problem. There are better solutions I wrote about
already (preferably not to expose SSH to the wild by default).

Milan


On 12.1.2015 at 12:45, P J P wrote:
>    Hello Milan,
>
>> On Monday, 12 January 2015 3:11 PM, Milan Keršláger wrote:
>> No, this is not a good idea, as I wrote a few minutes ago, because it does not
>> improve security, it just provides a feeling of better security, see:
>> https://en.wikipedia.org/wiki/Security_through_obscurity
>   I disagree. First of all, there is no _obscurity_ in it. Obscurity would
> have been if we just changed the name of the 'root' user to something else, say
> Admin/Superuser/Batman etc.
>
> This feature _restricts_ remote root access to a machine. It is a preventive
> measure, just like having SELinux or a firewall or disabling services which are
> not used. Look at it as being analogous to two-factor authentication. It
> involves two steps to gain remote root access to a machine, instead of one.
> This preventive measure can thwart real brute force attacks, which is a net
> gain in terms of safety to users.
>
>
>> Disabling root login does not solve the problem and it provides only
>
>   Which problem? It seems you've a different understanding of its purpose.
>
> On Monday, 12 January 2015 4:18 PM, Francisco Alonso wrote:
>> That's not security through obscurity. It's a way to limit
>> the exposure to a brute force attack with a privileged account.
>> Also this allows the user to use a different account, so for remote
>> attacks that user is unknown and cannot be used to brute
>> force, limiting exposure further.
>   Exactly!
>
>
> Thank you.
> ---
> Regards
>    -Prasad
> http://feedmug.com

-- 
                            Milan Keršláger
                            http://www.pslib.cz/ke/
                            http://www.nti.tul.cz/wiki/Milan.Kerslager
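The thread's disagreement turns on what a brute-force attempt against sshd actually looks like once remote root login is disabled: the attacker is still hammering the service, but every attempt that is not aimed at "root" has to carry a guessed username first. The following Python script is an added example, not code from this thread or from Fedora; it parses a handful of constructed auth-log lines in OpenSSH's "Failed password" / "Accepted" format and reports, per source address, how many failures there were, which usernames were tried, whether root was targeted, and how many guesses hit accounts that do not exist. The sample log text, the threshold of five failures and the function names are all assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH's auth-log format (not taken from the thread).
SAMPLE_AUTH_LOG = """\
Jan 12 12:45:01 host sshd[2201]: Failed password for root from 198.51.100.7 port 40001 ssh2
Jan 12 12:45:03 host sshd[2202]: Failed password for root from 198.51.100.7 port 40002 ssh2
Jan 12 12:45:05 host sshd[2203]: Failed password for root from 198.51.100.7 port 40003 ssh2
Jan 12 12:45:08 host sshd[2204]: Failed password for invalid user admin from 198.51.100.7 port 40004 ssh2
Jan 12 12:45:10 host sshd[2205]: Failed password for invalid user batman from 198.51.100.7 port 40005 ssh2
Jan 12 12:46:00 host sshd[2206]: Failed password for milan from 203.0.113.5 port 50001 ssh2
Jan 12 12:46:20 host sshd[2207]: Accepted publickey for milan from 203.0.113.5 port 50002 ssh2
Jan 12 12:47:00 host sshd[2208]: pam_unix(sshd:session): session opened for user milan by (uid=0)
"""

# "invalid user" is what sshd logs when the guessed account does not exist at all.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)
ACCEPTED_RE = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_line(line):
    """Return a dict for the auth events we care about, None for anything else."""
    m = FAILED_RE.search(line)
    if m:
        return {"ip": m["ip"], "user": m["user"], "ok": False,
                "unknown_user": m["invalid"] is not None}
    m = ACCEPTED_RE.search(line)
    if m:
        return {"ip": m["ip"], "user": m["user"], "ok": True,
                "unknown_user": False, "method": m["method"]}
    return None


def summarize(log_text):
    """Per source IP: failure count, distinct usernames tried, whether root was
    targeted, guesses at non-existent accounts, and any successful logins."""
    stats = defaultdict(lambda: {"failed": 0, "users": set(), "root_targeted": False,
                                 "unknown_user_guesses": 0, "accepted": []})
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        s = stats[ev["ip"]]
        if ev["ok"]:
            s["accepted"].append((ev["user"], ev["method"]))
            continue
        s["failed"] += 1
        s["users"].add(ev["user"])
        if ev["user"] == "root":
            s["root_targeted"] = True
        if ev["unknown_user"]:
            s["unknown_user_guesses"] += 1
    return dict(stats)


def brute_force_sources(log_text, threshold=5):
    """Source IPs with at least `threshold` failed password attempts (assumed cutoff)."""
    return sorted(ip for ip, s in summarize(log_text).items() if s["failed"] >= threshold)


if __name__ == "__main__":
    for ip, s in summarize(SAMPLE_AUTH_LOG).items():
        print(ip, s["failed"], "failures,", len(s["users"]), "usernames,",
              "root targeted" if s["root_targeted"] else "root not targeted",
              f", {s['unknown_user_guesses']} guesses at non-existent accounts")
    print("brute-force sources:", brute_force_sources(SAMPLE_AUTH_LOG))
```

Run against the sample, the script flags 198.51.100.7 as a brute-force source and shows that two of its five attempts were spent guessing usernames that do not exist, which is the extra step the quoted replies describe; the single failure from 203.0.113.5 followed by a key-based login is ordinary user behaviour. In practice the same logic is pointed at /var/log/secure or the journal, and the per-source counts feed whatever rate-limiting or alerting the site already has, independent of whether root login is permitted.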

-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct