[SATLUG] Re: Questions about home server security: non-standard
dkowis at shlrm.org
Thu Feb 21 13:47:40 CST 2013
On 02/15/2013 01:28 PM, Frank Huddleston wrote:
> Thanks for the suggestions about security on a home server. I see
> that one thing people do is use non-standard ports. I have done
> that myself, but get the feeling that it's just security through
> obfuscation and does nothing more than put a little hurdle in the
> way of a cracker, and increases complexity. So what do you think:
> is this worthwhile as a security measure?
It only helps against botscans, which is significant on its own.
However, if you want your SSH to be significantly more secure, use two
factor auth. Either through google-authenticator (an open source RSA
token, basically), or through disabling password authentication and
using instead SSH keys only.
I set up SSH google-authenticator auth and I noticed an increase in
the number of bots that bounced off my network. Possibly because the
server response wasn't "NO"; instead it was "second factor plz" and
that confused the botnets. I wasn't at all concerned about anyone
getting in, just noticed it in the logs.
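The keys-only option mentioned in the message above can be checked against an sshd_config; this is an added example, not part of the original post. The function names and both sample configs are constructed for illustration, upstream OpenSSH defaults are assumed for absent keywords, and Match blocks are not evaluated.

```python
# Assumption: upstream OpenSSH defaults apply when a keyword is absent.
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}
# Older name for the same option; newer sshd treats it as an alias.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}


def effective_settings(config_text):
    """Return the effective global values; sshd keeps the FIRST value it sees."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key == "match":  # Match blocks are conditional; not evaluated here
            break
        key = ALIASES.get(key, key)
        if key in DEFAULTS and key not in seen and len(parts) == 2:
            seen[key] = parts[1].strip().strip('"').lower()
    return {**DEFAULTS, **seen}


def audit(config_text):
    """List findings that leave a password-style login path open."""
    s = effective_settings(config_text)
    findings = []
    if s["passwordauthentication"] != "no":
        findings.append("password authentication is enabled")
    if s["kbdinteractiveauthentication"] != "no":
        findings.append("keyboard-interactive is enabled (PAM may still prompt for a password)")
    if s["pubkeyauthentication"] != "yes":
        findings.append("public key authentication is disabled")
    return findings


# Constructed sample: the later "no" is ignored because the first value wins.
SHADOWED = "PasswordAuthentication yes\nPubkeyAuthentication yes\nPasswordAuthentication no\n"
# Constructed sample: keys-only configuration.
KEYS_ONLY = "PasswordAuthentication no\nChallengeResponseAuthentication no\nPubkeyAuthentication yes\n"

if __name__ == "__main__":
    for name, text in (("shadowed", SHADOWED), ("keys-only", KEYS_ONLY)):
        print(name, audit(text) or "no password login path found")
```

A setup that adds a second factor through PAM needs keyboard-interactive left on, so the second finding is expected there and should be read together with the PAM stack.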