On 1/20/2004 at 09:18:07 -0800, Alexei Roudnev said:
Uhm, that would be wrong. This is simply "security through obscurity".
Yes, it is wrong for the _smart books_. But it works in real life. Of course, it should not be the last line of defense; but it works as a first line very effectively.
If I rate safety as a number (10 is the best, 0 is the worst):

- unpatched sshd on port 22: safety is zero (will be hacked by an automated script in a few weeks)
- patched sshd on port 22: safety is 5 (even a patched sshd has bugs, and I do not know what happens first: I patch the next bug, or a hacker's script finds this sshd and hacks it)
- unpatched sshd on port 30013: safety is 7 (higher), because no automated script can find it, and in reality no manual scan finds it either
- patched sshd on port 30013: safety is 9
- turn off power: safety is 10

A secure system is a dark system.
(I did not rate firewalls etc.)
Actually, an automated script or manual scan can find it trivially. All you have to do is a quick port scan, looking for this:

    12:31 biohazard~>telnet [somewhere] [port]
    Trying [ip_address]...
    Connected to localhost.
    Escape character is '^]'.
    SSH-1.99-OpenSSH_3.4p1c

Plus, if you put it on a non-standard port, you tend to use the same one across the enterprise, so it is only really obscure once.

Moving port numbers only protects you against idle vandalism; it is useless against people who truly wish you harm. You really need a firewall, particularly one that can detect a port scan and shut off the scanner, for changing ports to have any real security. It is kind of like a 4-digit PIN being useless for a bank card without the 3-try limit.

-Dave
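The port-scan detection Dave calls for, as an added example that is not part of the thread: a sliding-window count of distinct destination ports per source over constructed firewall log lines (the log format, hosts and the 60-second/10-port thresholds are assumptions). The scanning source reaches the sshd on port 30013 in the same sweep, which is the point Dave makes about moving the port.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in an assumed "<ts> <ACTION> src=... dst=... dport=..." format.
# 10.0.0.5 sweeps ports 22..33 and then hits the "hidden" sshd on 30013 within 13 seconds.
# 10.0.0.9 is a legitimate user: one SSH session on 30013, one HTTPS connection minutes later.
SAMPLE_LOG = [
    f"2004-01-20T12:31:{s:02d} DENY src=10.0.0.5 dst=192.0.2.10 dport={p}"
    for s, p in enumerate(range(22, 34))
]
SAMPLE_LOG.append("2004-01-20T12:31:12 ALLOW src=10.0.0.5 dst=192.0.2.10 dport=30013")
SAMPLE_LOG.append("2004-01-20T12:31:03 ALLOW src=10.0.0.9 dst=192.0.2.10 dport=30013")
SAMPLE_LOG.append("2004-01-20T12:35:40 ALLOW src=10.0.0.9 dst=192.0.2.10 dport=443")

LINE_RE = re.compile(r"^(\S+) (?:ALLOW|DENY) src=(\S+) dst=\S+ dport=(\d+)$")


def parse_line(line):
    """Return (timestamp, source, dport) for a well-formed line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.fromisoformat(m.group(1)), m.group(2), int(m.group(3))


def find_scanners(lines, window=timedelta(seconds=60), threshold=10):
    """Map each source that touched >= threshold distinct ports inside any
    `window` to the largest distinct-port count seen in such a window."""
    events = defaultdict(list)  # src -> [(ts, dport), ...]
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ts, src, dport = parsed
            events[src].append((ts, dport))

    scanners = {}
    for src, evs in events.items():
        evs.sort()  # logs are not guaranteed to be in time order
        in_window = Counter()  # dport -> occurrences inside the current window
        start = 0
        for end, (ts, dport) in enumerate(evs):
            in_window[dport] += 1
            # Slide the window start forward past events older than `window`.
            while ts - evs[start][0] > window:
                old_port = evs[start][1]
                in_window[old_port] -= 1
                if in_window[old_port] == 0:
                    del in_window[old_port]
                start += 1
            if len(in_window) >= threshold:
                scanners[src] = max(scanners.get(src, 0), len(in_window))
    return scanners
```

A firewall that acts on this signal would block 10.0.0.5 after the first ten or so probes, before the sweep reaches the high port.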