On 10/03/2014 04:17 AM, Theodor Sigurjon Andresson wrote:
Yes, when securing your services you*layer* defenses that could include using
STO. But when STO is set up in a wrong way it can lead to a security issue. It
isn't good to protect your services to slow down or prevent an attack by
opening up a security risk. As in this case changing the port of SSH to 2222
isn't a good way to include STO. It doesn't matter how big the risk is, you
just don't want this issue to be there. If you want to include STO in your
security measures then you have to do it without opening up a security risk
because you might be opening up a security risk that could be dangerous. In my
opinion that is the case with SSH to port 2222. Changing the port to an
privileged unassigned or unused port is a better way to include STO in your
security measures for SSH. That way you don't have the risk of another user
listening on your SSH.
I agree with you on two things
- changing the default port is not a security measure, it just lowers
the noise in the logs and takes you a bit out of the path of automated
scripts looking for easy targets.
- changing the default port to anything above 1024 creates a greater
risk than using one below 1024
On the other hand, even if it's easier to start a rouge daemon
impersonating sshd to listen on a higher port, if you have a malevolent
user already sniffing on a port - any port - from my point of view you
already have bigger issues than the potential risk you mentioned.
Incidentally I am a fan of using iptables (recent match) to limit the
number of admissible attempts from any given IP to connect to sshd (
yes, I know, it has nothing to do with the initial concern you raised )
_______________________________________________
CentOS-docs mailing list
CentOS-docs@centos.org
http://lists.centos.org/mailman/listinfo/centos-docs
