a record?

Alexei Roudnev alex at relcom.net
Sat Nov 19 19:32:36 UTC 2005


I said many times - just use a non-standard port. The number of hackers who
discover this port will decrease approx 10,000 times, to
almost 0 (number).

(Of course, except if you are a bank).

Another approach exists as well - SecurID on the firewall. Log in to the firewall,
authenticate, and have a dynamic access list which opens ssh for you (and
still keep ssh on port != 22).


----- Original Message ----- 
From: "Patrick W. Gilmore" <patrick at ianai.net>
To: <nanog at nanog.org>
Cc: "Patrick W. Gilmore" <patrick at ianai.net>
Sent: Tuesday, November 15, 2005 11:02 AM
Subject: Re: a record?


>
> On Nov 15, 2005, at 12:52 PM, Church, Chuck wrote:
>
> > Isn't it just good security practice to limit telnet/SSH access to
> > only
> > a few choice hosts/subnets?  I know I'd never allow the 0/0 net access
> > to a signon screen, even if it is SSH.  If you're on vacation and need
> > to access something, call your NOC, and have them temporarily allow
> > your
> > dynamic address for SSH.  When a hacker finds an open SSH host, they
> > think two things - This host is important to someone, and that they
> > need
> > more doughnuts...
>
> That is an excellent idea.  As soon as I hire a NOC for my personal
> boxes, I'll get right on that.  But, since I Am Not An Isp, I doubt
> that is going to happen soon.
>
> Remember, not every box on the Internet is supported by a whole
> network of resources (physical and human).
>
> -- 
> TTFN,
> patrick
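As an added illustration of the firewall-side "dynamic access list" Alexei describes (and the temporary allow for a travelling admin's address that Chuck suggests), here is example code that is not from the thread: a default-deny allow-list for sshd on a non-standard port, where an address is admitted only after the firewall has authenticated the user, and only for a limited lease. The port number (2222), the 15-minute lease, and the nftables table, chain and set names are assumptions; the nft commands are rendered as strings rather than executed so the example runs offline.

```python
"""Added example, not code from the NANOG thread: dynamic SSH allow-list."""
import ipaddress
import time

SSH_PORT = 2222          # assumption: sshd moved off port 22, as the post suggests
LEASE_SECONDS = 15 * 60  # assumption: how long an authenticated source stays open


class DynamicSshAcl:
    """Tracks which source addresses may currently reach sshd, with expiry."""

    def __init__(self, clock=time.time):
        self._clock = clock      # injectable for testing
        self._leases = {}        # source address -> expiry timestamp

    def grant(self, source):
        """Called only after the firewall has authenticated the user (e.g. SecurID).
        Returns the nft command that would add the address to the timed set."""
        addr = ipaddress.IPv4Address(source)   # reject garbage before it reaches a rule
        self._leases[str(addr)] = self._clock() + LEASE_SECONDS
        return (f"nft add element inet filter ssh_allowed "
                f"{{ {addr} timeout {LEASE_SECONDS}s }}")

    def _expire(self):
        now = self._clock()
        for src in [s for s, exp in self._leases.items() if exp <= now]:
            del self._leases[src]

    def allows(self, source, dst_port):
        """Decision for one new TCP connection to this host. Only the SSH port is
        considered; port 22 and any other port are dropped, matching policy drop."""
        self._expire()
        if dst_port != SSH_PORT:
            return False
        return source in self._leases


def base_ruleset():
    """Static nftables ruleset the dynamic set plugs into (rendered, not applied)."""
    return "\n".join([
        "table inet filter {",
        "  set ssh_allowed { type ipv4_addr; flags timeout; }",
        "  chain input {",
        "    type filter hook input priority 0; policy drop;",
        "    ct state established,related accept",
        f"    tcp dport {SSH_PORT} ip saddr @ssh_allowed accept",
        "  }",
        "}",
    ])
```

Because the set carries `flags timeout`, the kernel drops each entry on its own when the lease ends, so a stale allow never outlives the admin's session by more than the lease.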