I am paranoid?
-
@Dashrender said in I am paranoid?:
@tonyshowoff said in I am paranoid?:
@Dashrender said in I am paranoid?:
@scottalanmiller said in I am paranoid?:
@tonyshowoff said in I am paranoid?:
I'd hope you wouldn't have passwords so easy that within a few minutes of finishing the install they've guessed it. You can cut down on a hell of a lot of these by changing the SSH port, that's the first thing I always do. I don't consider it security through obscurity, because it's not so much for security as it is to just be less obvious and keep my logs cleaner.
Less obvious is the singular goal of security through obscurity. That's just rewording it.
Logs cleaner makes sense.
And are the cleaner logs worth the hassle of remembering that the port has been changed?
It's not really a hard thing to remember, especially if you make it standard. If you can't remember something like that, you probably shouldn't be in IT since there are much longer numbers and more complex ones. Did you ever ask "are locally routed IP ranges for NAT worth the hassle of remembering what they are?" Come on.
No, because I don't expect someone to walk in and assume them to be anything. But if I hire a consultant to do some work, he's going to assume SSH is on port 22 and when it fails, he's going to be like - hey bro - you know SSH is broken - then he's going to think security through obscurity eh? huh, does this guy really know anything? and only after talking to you for a while will he be like - ok yeah this guy knows his stuff, but damn.. that SSH port change is just weird.
That's what documentation is for. That's why we don't have all the same root password or whatever.
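The "keep my logs cleaner" point above is about the volume of failed-login messages sshd writes when a host sits on port 22. The following is an added example (editor's code, not posted by anyone in this thread) that reads stock OpenSSH syslog lines, counts the brute-force noise per source address, and separately flags the case tonyshowoff alludes to: a password that was actually guessed, i.e. an accepted login from a source that had just been failing. The log lines, host name and addresses are constructed for the example; the message formats are OpenSSH's standard "Invalid user", "Failed password" and "Accepted" lines. Moving the port thins out the first category; the second is worth alerting on whatever port sshd listens on.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of sshd messages in syslog format (not from any real host).
SAMPLE_LOG = """\
Mar 10 12:00:01 web1 sshd[1201]: Invalid user admin from 203.0.113.5 port 51234
Mar 10 12:00:01 web1 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar 10 12:00:03 web1 sshd[1203]: Failed password for root from 203.0.113.5 port 51236 ssh2
Mar 10 12:00:05 web1 sshd[1207]: Invalid user oracle from 198.51.100.7 port 40000
Mar 10 12:00:05 web1 sshd[1207]: Failed password for invalid user oracle from 198.51.100.7 port 40000 ssh2
Mar 10 12:00:09 web1 sshd[1210]: Accepted publickey for deploy from 192.0.2.10 port 50000 ssh2: ED25519 SHA256:constructedfingerprint
Mar 10 12:00:12 web1 sshd[1212]: Failed password for root from 203.0.113.5 port 51300 ssh2
Mar 10 12:00:14 web1 sshd[1212]: Accepted password for root from 203.0.113.5 port 51300 ssh2
"""

# Standard OpenSSH auth messages. "port" here is the client's source port, not the listening port.
FAILED_RE = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
INVALID_RE = re.compile(r"sshd\[\d+\]: Invalid user (\S+) from (\S+) port \d+")
ACCEPTED_RE = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port \d+")


def parse_events(log_text):
    """Yield (kind, user, source_ip, method) for each recognised sshd auth line, in log order."""
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            yield ("failed", m.group(1), m.group(2), "password")
            continue
        m = INVALID_RE.search(line)
        if m:
            yield ("invalid", m.group(1), m.group(2), None)
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            yield ("accepted", m.group(2), m.group(3), m.group(1))


def summarize(log_text):
    """Count the brute-force noise per source address and collect successful logins."""
    failures = Counter()
    usernames = defaultdict(set)
    accepted = []
    noise_lines = 0
    for kind, user, ip, method in parse_events(log_text):
        if kind in ("failed", "invalid"):
            failures[ip] += 1
            usernames[ip].add(user)
            noise_lines += 1
        else:
            accepted.append((ip, user, method))
    return {
        "failures": failures,
        "usernames": {ip: sorted(users) for ip, users in usernames.items()},
        "accepted": accepted,
        "noise_lines": noise_lines,
    }


def suspicious_logins(log_text, min_failures=3):
    """Accepted logins from a source that had at least min_failures earlier failures.

    This is the 'they guessed it' case: the password fell to the same client that was hammering
    the host. Returns (ip, user, method, prior_failures) tuples in log order.
    """
    failures = Counter()
    hits = []
    for kind, user, ip, method in parse_events(log_text):
        if kind in ("failed", "invalid"):
            failures[ip] += 1
        elif failures[ip] >= min_failures:
            hits.append((ip, user, method, failures[ip]))
    return hits


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(f"{report['noise_lines']} failed/invalid login lines")
    for ip, count in report["failures"].most_common():
        print(f"  {ip}: {count} failures, users tried: {', '.join(report['usernames'][ip])}")
    for ip, user, method, prior in suspicious_logins(SAMPLE_LOG):
        print(f"ALERT: {user}@{ip} accepted via {method} after {prior} failures from the same source")
```

Run it against a real file with `summarize(open("/var/log/auth.log").read())`; on a port-22 host the `noise_lines` figure is what a port change shrinks, while a non-empty `suspicious_logins()` result is an incident regardless of port.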
-
@Dashrender said in I am paranoid?:
No, because I don't expect someone to walk in and assume them to be anything. But if I hire a consultant to do some work, he's going to assume SSH is on port 22 and when it fails, he's going to be like - hey bro - you know SSH is broken - then he's going to think security through obscurity eh? huh, does this guy really know anything? and only after talking to you for a while will he be like - ok yeah this guy knows his stuff, but damn.. that SSH port change is just weird.
If you are hiring a consultant, you should be providing documentation on how to connect. I don't come into a place and just try to randomly connect to something. I connect to what the client tells me to connect to, how they tell me to connect.
I might also have an opinion about why something is non-standard, but I would not mouth it off, because, you know, I like to get paid.
-
@JaredBusch said in I am paranoid?:
If you are hiring a consultant, you should be providing documentation on how to connect. I don't come into a place and just try to randomly connect to something. I connect to what the client tells me to connect to, how they tell me to connect.
I might also have an opinion about why something is non-standard, but I would not mouth it off, because, you know, I like to get paid.
LOL - most of that was internal thought processes, not verbal ones...
-
@BRRABill nice!