[H-GEN] Re: Blocking SSH exploits
Nick Kwiatkowski
nickolas at au1.ibm.com
Sun Aug 22 19:40:35 EDT 2004
Troy Piggins <troy at piggo.com> wrote on 23/08/2004 09:16:03 AM:
>
> If you want ssh available to the outside world, I guess you just
> have to ensure good username and password policies, and hope that
> openssh has no security leaks or exploits ... and keep it up to
> date.
>
An interesting option is "port knocking" [1],[2]: basically, like the covert
spy, a series of knocks tells the computer to open a port. The benefit is that
the port is closed when it is not required, but you need to
implement/install the scripts to do it at both ends and ensure that they are
correctly done.
Nik
[1] http://www.portknocking.org/
[2] Article for and against.
http://www.linuxjournal.com/article.php?sid=6811
Nickolas Kwiatkowski
IT Architect
Systems Engineering and Architecture (SEA)
Application Management Services
IBM Global Services
phone: 07 3887 6041, mobile: 0412 121 276, email: nickolas at au1.ibm.com
"In the middle of difficulty lies opportunity" - Albert Einstein
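
The server side of the port-knocking idea described in the message above, as an added example (not part of the original post and not code from either linked site). The knock ports, the 10-second window and the hit-record format are assumptions, and the sample hits are constructed.

```python
# Added example: per-source knock tracking. Ports, window and record format are assumptions.
KNOCK_SEQUENCE = (7000, 8000, 9000)   # hypothetical secret sequence
WINDOW_SECONDS = 10                   # whole sequence must finish within this window

# Constructed sample of closed-port hits: (timestamp, source IP, destination port)
SAMPLE_HITS = [
    (0.0, "203.0.113.5", 7000),
    (1.0, "203.0.113.5", 8000),
    (1.5, "198.51.100.9", 7000),
    (2.0, "203.0.113.5", 9000),    # completes the sequence in order and in time
    (2.5, "198.51.100.9", 9000),   # wrong order: progress resets
    (3.0, "192.0.2.77", 7000),
    (20.0, "192.0.2.77", 8000),    # too slow: window expired
    (21.0, "192.0.2.77", 9000),
]

def track_knocks(hits, sequence=KNOCK_SEQUENCE, window=WINDOW_SECONDS):
    """Return [(timestamp, ip)] for each source that completed the sequence."""
    progress = {}   # ip -> (index of next expected port, time of first knock)
    opened = []
    for ts, ip, port in hits:
        idx, start = progress.get(ip, (0, ts))
        if idx and ts - start > window:
            idx, start = 0, ts             # stale attempt: start over
        if port == sequence[idx]:
            if idx == 0:
                start = ts
            idx += 1
            if idx == len(sequence):
                # A real daemon would add a firewall rule for this ip here
                # and remove it again once the session is established.
                opened.append((ts, ip))
                progress.pop(ip, None)
            else:
                progress[ip] = (idx, start)
        elif port == sequence[0]:
            progress[ip] = (1, ts)         # wrong port, but it begins a new attempt
        else:
            progress.pop(ip, None)         # wrong port: forget this source's progress
    return opened

if __name__ == "__main__":
    for ts, ip in track_knocks(SAMPLE_HITS):
        print(f"t={ts}: open SSH port for {ip}")
```

A fixed sequence like this is visible to anyone who can observe the traffic, so it supplements SSH authentication and patching rather than replacing them.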