My opinion on security and obscurity
is that obscurity can in fact help improve an already sound security
posture. That’s keeping in mind that it should never become security
by obscurity — which is definitely bad.
Anyway, I’ve debated this issue for years with many people, and I remain
convinced that my position on the matter is correct. But tonight I decided
to do some very coarse testing of the idea using the SSH daemon.
I decided to configure my SSH daemon to listen on port 24 in addition to its
regular port of 22 so I could see the difference in attempts to guess
credentials on each. My expected result is far fewer attempts to access SSH
on port 24 than port 22, which I equate to less risk to my, or any, SSH
daemon.
It’s quite simple to set this up; you just put two Port lines in your sshd
config instead of one, and then restart your daemon:

    Port 22
    Port 24
Then I added logging to a couple of my firewall rules (the match part of each
rule is filled in here; the post showed only the LOG target and its prefix):

    iptables -A INPUT -p tcp --dport 22 -j LOG --log-level 7 --log-prefix "Logged port 22: "
    iptables -A INPUT -p tcp --dport 24 -j LOG --log-level 7 --log-prefix "Logged port 24: "
(log rules go before their associated DROP, REJECT and ACCEPT rules, btw)
…and I’ve let that run for over 8 hours…on an unremarkable Saturday.
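To turn those two LOG rules into numbers, here is an added Python example (not code from the original post). It parses kernel log lines in the format the iptables LOG target emits, totals packets per destination port, counts only SYN-without-ACK packets as connection attempts (a LOG rule with no --syn or conntrack-state match logs every packet of a session, so raw line counts overstate attempts), and lists source addresses that probed both ports, which is the scanner behaviour the question below is really about. The log lines, addresses and interface name are constructed for the example; only the two log prefixes come from the post.

```python
import re
from collections import defaultdict

# Constructed sample of what the two LOG rules write to the kernel log.
# Addresses, interface and timestamps are made up; the prefixes match the rules.
SAMPLE_LOG = """\
Jun  7 01:12:03 host kernel: Logged port 22: IN=eth0 OUT= SRC=203.0.113.10 DST=192.0.2.5 LEN=60 TTL=49 ID=1234 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Jun  7 01:12:03 host kernel: Logged port 22: IN=eth0 OUT= SRC=203.0.113.10 DST=192.0.2.5 LEN=52 TTL=49 ID=1235 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=229 RES=0x00 ACK URGP=0
Jun  7 01:12:09 host kernel: Logged port 22: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.5 LEN=60 TTL=52 ID=777 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=14600 RES=0x00 SYN URGP=0
Jun  7 01:13:41 host kernel: Logged port 22: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.5 LEN=60 TTL=52 ID=778 DF PROTO=TCP SPT=40002 DPT=22 WINDOW=14600 RES=0x00 SYN URGP=0
Jun  7 02:30:15 host kernel: Logged port 24: IN=eth0 OUT= SRC=203.0.113.10 DST=192.0.2.5 LEN=60 TTL=49 ID=2001 DF PROTO=TCP SPT=51999 DPT=24 WINDOW=29200 RES=0x00 SYN URGP=0
Jun  7 03:05:00 host kernel: Logged port 22: IN=eth0 OUT= SRC=192.0.2.77 DST=192.0.2.5 LEN=60 TTL=64 ID=9 DF PROTO=TCP SPT=33000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
"""

# Fields we need from an iptables LOG line: the prefix's port, SRC, PROTO, DPT,
# and everything after DPT (where the TCP flags such as SYN/ACK appear).
LOG_RE = re.compile(
    r"Logged port (?P<prefix_port>\d+): .*?SRC=(?P<src>[0-9a-fA-F.:]+) "
    r".*?PROTO=(?P<proto>\w+) .*?DPT=(?P<dpt>\d+)(?P<rest>.*)$"
)


def parse_line(line):
    """Return a dict for a line written by one of the LOG rules, else None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    flags = m.group("rest").split()
    return {
        "port": int(m.group("dpt")),
        "src": m.group("src"),
        "proto": m.group("proto"),
        # A bare SYN is the first packet of a new TCP connection; SYN+ACK or
        # plain ACK packets belong to a session that is already counted.
        "new_connection": "SYN" in flags and "ACK" not in flags,
    }


def summarize(log_text):
    """Per destination port: logged packets, new connections, distinct sources."""
    stats = defaultdict(lambda: {"packets": 0, "connections": 0, "sources": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["proto"] != "TCP":
            continue
        entry = stats[rec["port"]]
        entry["packets"] += 1
        if rec["new_connection"]:
            entry["connections"] += 1
            entry["sources"].add(rec["src"])
    return {
        port: {
            "packets": e["packets"],
            "connections": e["connections"],
            "sources": len(e["sources"]),
        }
        for port, e in stats.items()
    }


def sources_on_both(log_text, port_a, port_b):
    """Sources that opened connections to both ports, i.e. likely port scanners."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["proto"] == "TCP" and rec["new_connection"]:
            seen[rec["src"]].add(rec["port"])
    return {src for src, ports in seen.items() if {port_a, port_b} <= ports}


if __name__ == "__main__":
    for port, s in sorted(summarize(SAMPLE_LOG).items()):
        print(f"port {port}: {s['packets']} packets, "
              f"{s['connections']} connection attempts, {s['sources']} sources")
    print("probed both ports:", sorted(sources_on_both(SAMPLE_LOG, 22, 24)))
```

Against a real log, feed it the output of `journalctl -k` or `/var/log/kern.log`; the packet-versus-connection split matters, because 7,025 logged lines from rules like the ones above may be far fewer actual attempts, and the "both ports" set is the one to watch, since those sources are enumerating ports rather than hitting the default.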
The Results
Well, it’s definitely true that very few people look for SSH on port 24. In
the time that I gathered 7,025 connection attempts to my SSH daemon
on port 22, I received 3 on port 24.
Three.
[UPDATE: The stats over the weekend were over 18,000 connections to
port 22, and five (5) to port 24.]
That’s fine, but the real question is this: would it reduce my risk of
being compromised remotely through my SSH daemon if I were to change the
daemon’s port to 24? I think the answer is yes.
Let’s assume that there’s a new zero day out for OpenSSH that is just owning
boxes with impunity. Is anyone willing to argue that someone unleashing such
an attack would waste significant effort going for non-standard ports? Or
are they more likely to stick with the default port where they’re guaranteed
to find more daemons?
I think we do gain security by moving commonly-attacked listeners to
non-standard ports. And yes, that extra security does come from obscurity.
Remember, even tanks are painted with camouflage. ::