North American Network Operators Group
Re: a record?
I have said many times - just use a non-standard port. The number of hackers who discover this port will decrease approx. 10,000 times, to almost 0 (number). (Of course, except if you are a bank.)

Another approach exists as well - SecureID on the firewall. Log in to the firewall, authenticate, and have a dynamic access list which opens ssh for you (and still keep ssh on port != 22).

----- Original Message -----
From: "Patrick W. Gilmore" <[email protected]>
To: <[email protected]>
Cc: "Patrick W. Gilmore" <[email protected]>
Sent: Tuesday, November 15, 2005 11:02 AM
Subject: Re: a record?

> On Nov 15, 2005, at 12:52 PM, Church, Chuck wrote:
>
> > Isn't it just good security practice to limit telnet/SSH access to only
> > a few choice hosts/subnets? I know I'd never allow the 0/0 net access
> > to a signon screen, even if it is SSH. If you're on vacation and need
> > to access something, call your NOC, and have them temporarily allow your
> > dynamic address for SSH. When a hacker finds an open SSH host, they
> > think two things - This host is important to someone, and that they need
> > more doughnuts...
>
> That is an excellent idea. As soon as I hire a NOC for my personal
> boxes, I'll get right on that. But, since I Am Not An Isp, I doubt
> that is going to happen soon.
>
> Remember, not every box on the Internet is supported by a whole
> network of resources (physical and human).
>
> --
> TTFN,
> patrick