On Tue, Sep 22, 2009 at 3:33 PM, Kenneth Burgener <[email protected]> wrote: > Probably not the right thread to be contending this point, but I believe > security through obscurity can be one layer for security. It should > defiantly not be your only means of security. Security is all about layers > of *deterrents*. Notice I emphasize the word deterrent. There is no such > think as absolute security. But, the more deterrents you have the less > likely you are to become a victim. A determined hacker/thief will always > find away.
I agree, that it is a deterrent to the like of SSH scanning bots, and the like. However, any sensitive service you provide (SSH, svnserve, etc) should be protected through much better methods (VPN, Firewall rules, etc). Generally, if you even have the option of changing the default port, you can count the number of users of the service on one hand. It is much more prudent to restrict that service to VPN users, or their source IP/networks via firewall. > Compare it to your house. No trespassing signs, closing your blinds and > locking your doors are all good deterrents, but a determined thief will walk > around the sign, break the window and knock down the door. A really > determined thief could ram a truck into your wall, bypassing all other > entrances. Changing the default port is more comparable to placing a boulder in your driveway. Sure, no bad people can drive in your driveway, and it deters the casual thief from stopping at your house. However, it will cause you more pain and complexity than what it is worth. The right approach is to install locks and an alarm system. > As far as the changing the default port, this is not a high deterrent, but > it does help reduce the number of attempts by mass login scanners, and I for > one, really appreciate having less random attempts, and less security logs > to comb through. If you have a login type service exposed to the world you could easily rate limit new connections and/or use a failed login scanner like DenyHosts. http://kb.bobcares.com/?View=entry&EntryID=466 --lonnie _______________________________________________ UPHPU mailing list [email protected] http://uphpu.org/mailman/listinfo/uphpu IRC: #uphpu on irc.freenode.net
