On 22 June 2011 09:28, Vic <l...@beer.org.uk> wrote:

> That's a "security through obscurity" argument. It does no harm unless you
> actually rely on that obscurity for your security - but in the same
> breath, if you're not relying on obscurity, then it does no good either.


Yes, very true but unless you are a big evil company being specifically
targeted by hackers (e.g. Sony), then hackers are only interested in owning
your home servers for distributed denial of service attacks that they can
fire off at someone else and let you take the blame for it.

The hackers just want to harvest as many boxes as possible as quickly as
possible - so it comes down to taking an entirely selfish viewpoint and just
ensuring you're at least slightly more secure than the next guy.

It's the "gazelle" principle - as long as when you look over your shoulder
there's a gazelle running behind you, then you'll be fast enough to avoid
the pack of hunting lions :-)

> many problems as it solved. Some of my users
> were rubbish at remembering passwords...


> I replaced it with a rate-limiting script in iptables which is very
> effective.
>

Yep, I've got some fairly basic iptables running at home but I do keep
meaning to go do some more interesting stuff with it.


> Again, with key-based authentication, I don't need to open the port on
> demand; it's safe to leave it open. If an attacker can break my 2048-bit
> key, there are far more lucrative keys to break elsewhere...


I can't argue with that. But the fact that your SSH server is easily visible
*might* mean that it gets buffer overflowed as a result of a brand new
vulnerability report before you got to it and patched it.

You clearly know something about security and you therefore know it's all
about security layers anyway - putting obstacles in the way of a hacker
because the more you put in his way, the more likely he is to give up and go
find an easier box to own.

--Peter

--
Please post to: Hampshire@mailman.lug.org.uk
Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire
LUG URL: http://www.hantslug.org.uk
--------------------------------------------------------------
