On Wed, 27 Oct 2004 11:54:08 +0100, Jim Higson <jh@xxxxxxx> wrote: > > Good points James...you missed one though... port 22. I see more attempts > > on SSH than any other port....stupid and LAME attempts but more on this > > than any other... > > Out of curiosity, how much does it really matter so long as you have strong > passwords? > > If security holes are discovered in ssh, then sure, someone who knows what > they're doing might be able to gain access. But then someone qualified enough > to find new holes in ssh won't be targeting my desktop box, or the http > server for a small buisines. > > In general isn't ssh pretty secure, and aren't security fixes normally issued > before the script kiddies get hold of an exploit? > > -- > Jim You never know when someone will feel slighted and make any business a target "to show them." It's best to not let root login directly and limit who can ssh in. The old security joke: Two men on the Serengeti Plans when they notice a lion stalking them. The first stops to put on his running shoes. The second states that you can't out run a lion even with running shoes. The first calmly states I don't have to out run the lion I have to out run you. The moral is that you don't have to have perfect security, but you better not be the easiest target either.
