On Tue, Feb 22, 2011 at 15:50, Russell Johnson <[email protected]> wrote:
> On Feb 22, 2011, at 3:40 PM, Randal L. Schwartz wrote:
>>
>> In other words, you don't need port knocking.  Just be slightly uncommon,
>> and you're good to go.
>
> Is this security through obscurity?
>
> Yes.
>
> Does it work?
>
> In combination with good practices, yes.

It (might) reduce overall risk, but it doesn't...

> The same way that Linux and other *nix based OSes are smaller targets and in 
> turn, not as inviting. There are a LOT of targets out there on port 22, and 
> if you know how to change the port sshd listens to, you probably know how to 
> make sshd more secure as well.

...improve security.  You are frobbing the likelihood side of the
equation instead.  Also, there are ... well, rather a lot of attacks
on Linux out there, and it is an inviting target.  The profile is
different to Windows, but I don't honestly know that there are fewer
attacks.

Daniel

Last time I counted the CVE stuff showed that Win32 and Linux were
about even in terms of vulnerabilities, at least, and that you were
much more at risk if you used something outside the big three distros,
or Win32.

-- 
⎋ Puppet Labs Developer – http://puppetlabs.com
✉ Daniel Pittman <[email protected]>
✆ Contact me via gtalk, email, or phone: +1 (503) 893-2285
♲ Made with 100 percent post-consumer electrons
_______________________________________________
PLUG mailing list
[email protected]
http://lists.pdxlinux.org/mailman/listinfo/plug
