Date:      Wed, 24 Jun 2009 10:43:21 -0400
From:      Daniel Underwood <djuatdelta@gmail.com>
To:        Erik Norgaard <norgaard@locolomo.org>
Cc:        RW <rwmaillists@googlemail.com>, freebsd-questions@freebsd.org
Subject:   Re: Best practices for securing SSH server
Message-ID:  <b6c05a470906240743t458b25bcn12e40375417978d8@mail.gmail.com>
In-Reply-To: <4A422FCB.2050900@locolomo.org>
References:  <b6c05a470906221816l4001b92cu82270632440ee8a@mail.gmail.com> <4A406D81.3010803@locolomo.org> <b6c05a470906230653i6ce647c1p415e769b63d9e169@mail.gmail.com> <4A4109DE.3050000@locolomo.org> <b6c05a470906231311q48a56fddk77b456dc29695ed3@mail.gmail.com> <4A413CF8.60901@locolomo.org> <20090624143613.6a87a749@gumby.homeunix.com> <4A422FCB.2050900@locolomo.org>

> Point remains: Adding port knocking does not solve any security problem, it only adds
> complexity, cost, points of failure, inconvenience etc while making your problem appear
> differently and leaving you with the illusion of being more secure.

I think that's grossly overstated, if not just plain wrong.  Ceteris
paribus, a system with port knocking is almost certainly more secure
than a system without port knocking. It's not a guarantee against
penetration.  But even if it's only a heightened "degree" of security,
not an additional "kind" of security measure (as you argue), it's
still heightened security.
