 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
--On Wednesday, March 27, 2013 3:28 PM -0400 Bill Horne <bill at horne.net> wrote: > When combined with port-knocking, having a non-standard port for a > service like ssh > is an effective means of preventing port-scanning attacks. It doesn't > prevent an It also makes you vulnerable to denial of service. > in Exim4, but it > _IS_ an effective tool when properly deployed. I claim that obfuscation cannot be properly deployed. Obfuscation is wrapping a towel around your head and pretending that if you can't see the service then neither can anyone else. Changing the port isn't giving your neighbor the key to your home. Keys are authentication tokens. The port is analogous to the keyway. Changing the port is the same as moving the keyway. The lock is still there and you still need the correct key; you've just moved it up or down from where it is normally located which is usually a convenient waist/elbow height. The only security that you've added is that blind thieves are going to have a slightly harder time finding the keyway. -- Rich P.
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
