22nd January 2010
ai-danno

You guys are right:
  • Keeps script kiddies away and out of your logs
    But there are other obvious measures you can take to limit this (i.e., acceptable addresses, acceptable login names, version type, time-expiring attempt limits based on address or block, etc.), so if you are just looking to keep your log files down, it might be better to constrain things and then still keep a keen eye on the attempts. Personally, from a security perspective, I like keeping track of failed attempts- it helps complete the security picture.
  • It depends on your environment
    It certainly does- if you are operating a publicly accessible ssh server that will see legitimate logins from the wild on a regular basis, then your environment may lend itself to a port change. If you know who should be coming in (and more importantly, from where), then see above.
  • Keys would be even better
    Wouldn't they?

    Sigh, oh well. Someday
  • I know we live in the real world heheh.
    I realize that you have to do what works in your life, but security is about not trusting assumptions, reassessing concrete security models, and systematic thorough reviews of the mechanics.

Sometimes I read about people's thoughts on security, and it chalks up to, "If I do such-n-such, I can wipe my hands and walk away and not worry about this security problem ever again." I was not intending this for anyone in this discussion, mind you, but I think what separates "us" from "the rest of them" is the ability to not take these kinds of things for granted. So forgive me if I picked things apart there heheh.
__________________
Network Firefighter
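As an added illustration of the post's point about tracking failed attempts and time-expiring limits per address (this is not code from the post or its author), the sketch below tallies failed ssh logins per source inside a sliding window. It assumes OpenSSH's usual "Failed password" syslog line format; the sample log lines, the threshold of 3 and the 5-minute window are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH's syslog format (documentation addresses).
SAMPLE_LOG = """\
Jan 22 10:15:01 gw sshd[4101]: Failed password for invalid user admin from 203.0.113.5 port 40112 ssh2
Jan 22 10:15:09 gw sshd[4103]: Failed password for root from 203.0.113.5 port 40120 ssh2
Jan 22 10:15:30 gw sshd[4107]: Failed password for invalid user test from 203.0.113.5 port 40131 ssh2
Jan 22 10:16:02 gw sshd[4110]: Accepted publickey for danno from 192.0.2.10 port 51515 ssh2
Jan 22 10:20:00 gw sshd[4122]: Failed password for danno from 198.51.100.7 port 33000 ssh2
Jan 22 10:45:00 gw sshd[4150]: Failed password for danno from 198.51.100.7 port 33044 ssh2
Jan 22 11:30:00 gw sshd[4190]: Failed password for danno from 198.51.100.7 port 33101 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<addr>\S+) port \d+"
)

def failed_attempts(log_text, year=2010):
    """Yield (timestamp, address, user) per failed-password line.
    Syslog lines carry no year, so `year` is an assumption supplied here."""
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["addr"], m["user"]

def over_limit(log_text, limit=3, window=timedelta(minutes=5)):
    """Return {address: sorted usernames tried} for every source that reaches
    `limit` failures inside a sliding `window`; older failures expire."""
    recent = defaultdict(deque)   # address -> timestamps still inside the window
    users = defaultdict(set)      # address -> every login name it has tried
    flagged = {}
    for ts, addr, user in failed_attempts(log_text):
        q = recent[addr]
        q.append(ts)
        users[addr].add(user)
        while ts - q[0] > window:  # time-expiring: drop stale failures
            q.popleft()
        if len(q) >= limit:
            flagged[addr] = sorted(users[addr])
    return flagged

if __name__ == "__main__":
    for addr, names in over_limit(SAMPLE_LOG).items():
        print(addr, "tried", names)
```

The second source in the sample fails three times but spread over more than an hour, so it stays under a 5-minute limit while remaining visible in the per-address tally.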