More SSH 'trolling'
Rodolfo J. Paiz
rpaiz at simpaticus.com
Thu Oct 14 19:45:37 UTC 2004
On Thu, 2004-10-14 at 21:25 +0200, Alexander Dalloz wrote:
> I must say that I do not understand that argument. It would be the same as
> saying: SSH is useless, because its encryption of the transferred
> information induces a sense of security, while it does not protect
> against the usage of secure passwords.

That is not an accurate or fair comparison (even though I know you meant
"insecure" passwords). SSH's encryption does protect effectively against
anyone sniffing your password, and they will have to attempt a
dictionary or social-engineering attack to get it... but SSH itself is
not easily or trivially defeated.

Portknocking can be sniffed, analyzed, and defeated by someone with
access to the wire, making it a trivially-defeatable measure for *some*
attackers. This is a far cry from SSH, but it's also a far cry from
"useless" since most attackers worldwide do not have the ability to
sniff your wire for the right packets.

IMHO: Portknocking is a useful addition to my "defense in depth"
strategy, providing a small additional measure of marginal protection to
my system. Of course, it is not a replacement or substitute for any
standard security measures... it should be additional. And it *can* lure
naïve users into a false sense of security; but so can many other
things.

Cheers,
--
Rodolfo J. Paiz <rpaiz at simpaticus.com>