On Wednesday 03 October 2007, Steve Siegfried wrote:

> Changing ports for ssh isn't actually that hot of an idea. Most port
> scanners can detect ssh implementations since they normally self-identify.
> For example, if you're running ssh on the normal port (22), try executing:

Changing the port on which ssh listens is an excellent idea. This way, someone trying to find it has to do port-scanning. This gives my NIDS a chance to track the attack (yes, I know about some of the various 'stealth' techniques; but I also know about tarpit and ways of making the Cisco IOS firewall and the NIDS talk to each other).

This puts one more stumbling block in the way of the attacker; all security measures really do is delay things and make them progressively harder. I've studied locksmithy for a number of years, even apprenticed for a little while, have done my own personal locks and keys, etc., and those techniques of delay are fundamental to physical security. The same techniques can improve your systems' security on the Internet; improvement is good.

Note that I don't have a false sense of security; I know that my systems are going to be found vulnerable to something, and could probably be hacked if someone were persistent enough. But I've dealt with hacks before, and I'll deal with them again.

Real-world security is realizing how much effort to put into it; if a simple port change eliminates 99% of those trying to attack my systems (and frees up bandwidth for real use), then it's something I'm going to do, and something I'm going to recommend others do, as well.

--
Lamar Owen
Chief Information Officer
Pisgah Astronomical Research Institute
1 PARI Drive
Rosman, NC 28772
(828)862-5554
www.pari.edu