
vwilkins at indiana
Feb 25, 2005, 6:49 AM
Post #6 of 6
Hiding the version is definitely not worthwhile, at least compared to the infinite number of other security configuration tweaks you could do. I agree that other things have been mentioned such as grsecurity, pax, exec-shield, etc., all offer tremendous features that would do far more to secure your machine. SELinux is another option, although I feel it's overkill in most situations, especially considering the complexity of setting it up properly. The obvious, like tcp wrappers and/or a firewall also go a long way.

For something like ssh, where I might need access from almost anywhere, I will typically blacklist everything out of my country to begin with and then work from there. You could also use software that has the capability to edit your blacklist in realtime, based on log activity. Additionally, I'll often only allow ssh access to a machine from a single IP on the local network. I can remotely access that machine, and then access the machine I really wanted to get to from that one. Certainly not foolproof, but it definitely makes things a lot more difficult for someone trying to hack the machine from the outside.

-----Original Message-----
From: drax [mailto:drax [at] sweon]
Sent: Fri 2/25/2005 8:03 AM
To: gentoo-security [at] lists
Cc:
Subject: Re: [gentoo-security] ssh question

James Larkby-Lahet wrote:
>>> I'm curious if there is a gentoo way to disable my ssh daemon from
>>> advertising the SSH version and OpenSSH version, like this:

Yes.

> Everyone else's consensus was that hiding version is useless,
> script-kiddies hammer everything. As an older and wiser man I have come
> to agree, obscurity isn't worth the effort. Either focus on security
> auditing, or have faith in those who do (as I do :).
>

But as james explained well, I won't paraphrase him. I think you'll find I might not be worth the effort.

    investment = security_measure(effort) * security_measure(time);
    losses = compute_losses(if_hacked);
    if (investment >= losses) {
        dont_bother = 1;
    }

To put it simply :)

Nevertheless, and for knowledge's sake we'll say, I wanted to share the info I had on the subject since I myself went through the bother of all this a while back.

Here is a post on the subject of "Banners Removal" on a web forum.
http://www.security-forums.com/forum/viewtopic.php?t=8867

It details what you are looking to do, i.e. remove banners in software (including OpenSSH). The way to do it (as with a few other software) is to modify a .h file in the source tree, and re-compile. Depending on the admin and various other factors, this can be more or less hassle.

It's up to you now whether to do it or not. You have the power ;)

drax

--
Mail: drax [at] sweon
UIN: 123093451 - AIM: drax8080 - Jabber: swe [at] jabber
--===========================================================================--
There are 10 types of people, those who understand binary, and those who don't.
--
gentoo-security [at] gentoo mailing list
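
The realtime, log-driven blacklist and the single permitted jump-host address mentioned in the reply above, as an added sketch that is not code from either poster. The function names, the threshold and window, the sample log lines and all addresses are constructed assumptions; output is in tcp wrappers' hosts.deny form.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches OpenSSH's failed-password syslog message, valid or invalid user.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

def offenders(lines, allow=(), limit=3, window=timedelta(minutes=5), year=2005):
    """Return source IPs with at least `limit` failures inside `window`."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    blocked = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        stamp, ip = m.groups()
        if ip in allow or ip in blocked:
            continue              # never blacklist the jump host
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")  # syslog has no year
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:
            q.popleft()           # forget failures older than the window
        if len(q) >= limit:
            blocked.append(ip)
    return blocked

def hosts_deny(ips):
    """Format entries for tcp wrappers' /etc/hosts.deny."""
    return [f"sshd: {ip}" for ip in ips]

# Constructed sample log (documentation-range and private addresses).
SAMPLE = """\
Feb 25 06:40:01 box sshd[411]: Failed password for invalid user admin from 203.0.113.5 port 4022 ssh2
Feb 25 06:40:03 box sshd[412]: Failed password for root from 203.0.113.5 port 4023 ssh2
Feb 25 06:40:04 box sshd[413]: Failed password for vw from 192.168.0.10 port 3301 ssh2
Feb 25 06:40:05 box sshd[413]: Failed password for vw from 192.168.0.10 port 3301 ssh2
Feb 25 06:40:06 box sshd[413]: Failed password for vw from 192.168.0.10 port 3301 ssh2
Feb 25 06:40:09 box sshd[414]: Failed password for invalid user test from 203.0.113.5 port 4024 ssh2
Feb 25 06:41:00 box sshd[415]: Failed password for root from 198.51.100.7 port 5100 ssh2
Feb 25 06:50:00 box sshd[416]: Failed password for root from 198.51.100.7 port 5101 ssh2
Feb 25 06:59:00 box sshd[417]: Failed password for root from 198.51.100.7 port 5102 ssh2
""".splitlines()

if __name__ == "__main__":
    print("\n".join(hosts_deny(offenders(SAMPLE, allow={"192.168.0.10"}))))
```

Without the allow entry, three mistyped passwords from the jump host would blacklist the only address permitted to connect; the slow retries from 198.51.100.7 stay under the window and are not blocked.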