Cyber Security

32 readers

1 users here now

🕵🏿 Surveillance, Information security, Cybersecurity, Interoperability, Analytics, Data tracking, Digital Disinformation, Decentralised Finance, Algorithmic Sovereignty & Privacy By Design.

Questions and answers are encouraged. Be excellent to each other. 🕊️

founded 3 months ago

MODERATORS

[email protected]

Listen up, changing SSH daemon to non-standard port is a waste of time & even less secure (www.youtube.com)

submitted 1 month ago* (last edited 1 month ago) by [email protected] to c/[email protected]

8 comments fedilink hide all child comments

Stop it right now. It does not help your threat environment. It just makes things worse.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 2 points 1 month ago (1 children)

I have not understood why VPN is mentioned as a more secure alternative. Or is it always meant as VPN in addition to ssh?

[–] [email protected] 4 points 1 month ago (1 children)

It’s more secure to use a VPN to gain access to the network where you can access internally the services you need rather than expose many individual services to the open internet.

If I need to access something on my home network I’m not going to port forward everything through the firewall. I’m just going to use my vpn to remote in and then ssh to the system. Obviously keep your vpn server patched and up to date.

[–] [email protected] 2 points 1 month ago (1 children)

Sure, but my question was about exposing ssh compared to exposing a VPN.

[–] [email protected] 2 points 1 month ago

Honestly, one isn't better than the other. It's more of a "what can they do" if they gain access. With SSH you likely have terminal access wherever. VPN means you need to be able to talk to the service and even then it's usually just network access. Attackers have to break in further once there.

I would rather neither, but of the two I have good firewall rules internally. And failed ssh access internally is reported immediately.