Date: Sun, 25 Mar 2001 01:54:43 -0500 From: Graywane <graywane@home.com> To: "Duwde (Fabio V. Dias)" <duwde@duwde.com.br> Cc: freebsd-stable@freebsd.org Subject: Re: sshd revealing too much stuff. Message-ID: <20010325015443.A29255@home.com> In-Reply-To: <3ABD9014.E78871BC@duwde.com.br>; from duwde@duwde.com.br on Sun, Mar 25, 2001 at 03:28:36AM -0300 References: <Pine.BSF.4.21.0103232116280.8531-100000@server.highperformance.net> <3ABD9014.E78871BC@duwde.com.br>
next in thread | previous in thread | raw e-mail | index | archive | help
--EeQfGwPcQSOJBaQU Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Mar 25, 2001 at 03:28:36AM -0300, Duwde (Fabio V. Dias) wrote: > I don't think this is a good aproach. Nor does many people on the net > thinking about security. And no, this ISN'T security by obscurity, I > just don't like to let anyone know more than they need. If you don't > care, I don't mind. Yes, it is security by obscurity and no, most people thinking about security on the net do not believe it is an effective technique to secure a site. You secure a site by: 1. Only running services you actually need. 2. Installing good firewall rules. 3. Using any of the numerous IDS and NIDS systems. 4. Examining the source code for services you do run. 5. Not giving untrusted people accounts on your machine. 6. Having a policy in place for handling intrusions. 7. Actively monitoring security related lists and sites. =20 It shouldn't matter if people know what OS and/or software you are using. If it does, then you may be in the wrong profession. > Btw, This is my last post on this issue. OK. --=20 Note: See http://www.members.home.net/graywane/ for PGP information. --EeQfGwPcQSOJBaQU Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjq9ljIACgkQeHdFaBWUGN0IIACguQ1A9nj6aEeH8fO4XhYy7fkz gu8AoKGIjn9f1crHqp12N6YN45Fz+jZV =nA7R -----END PGP SIGNATURE----- --EeQfGwPcQSOJBaQU-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010325015443.A29255>