Re: [tlug] Blocking bad sshd bruteforce attempt

["Josh Glover" <jmglov@example.com>]

On 12/07/06, GMO Unix Erin D. Hughes <erin-hughes@example.com> wrote:

> [Josh Glover sed:]   <<== Erin, don't forget the attribution!
>
> > If you rely solely on security by obscurity, you are a fool. If
> > security by obscurity is but one part of a layered defence, then you
> > are a wise man. :)
>
> But how many layers do you deem necessary I think 3 is good for me...
> 1. Strong Passwords
> 2. SSH2 only & limited users
> 3. alternate port

Three sounds sufficient to me. Remember, when defending against bots
and scanners, the idea is not necessarily to achieve "ultimate
security" (which can only be achieved by unplugging the network), but
to make yourself more secure than 99% of the other boxes on the 'Net.
Which you almost certainly are, with three layers of countermeasures.

-Josh