RE: [FW1] SSH on port 22
>Does using the standard port 22 open us up to more attacks,
>and what are the thoughts of allowing SSH to directly access
>internal networks from the internet?

Opening ports directly to your systems, especially on known ports, is always a security concern. The degree of risk depends on the nature of the application and its implementation. Also, it depends on whether you are using encryption and authentication - and also what layers are performing the encryption / authentication.

In the case of SSH, it does inherently perform encryption and authentication. In one way, it does provide some level of security compared to let's say allowing just "telnet". If you can restrict the source/destination IP addresses, you make it "harder" for someone to hack in.

For SSH authentication, you can have it authenticate via password or via public key crypto. It is recommended that you use a public key crypto model to perform your authentication - this way, your passwords never travel over the network, and someone wouldn't have the ability to perform brute-force password attacks against your SSH server if you configure it to authenticate only via public keys...

Amin Tora, CISSP
ePlus Technology
http://www.eplus.com
NASDAQ: PLUS

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
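As an added example (not part of the original post), the sketch below checks whether an OpenSSH `sshd_config` really leaves public keys as the only way in, since a later `Match` block or a missing line can quietly re-enable passwords. It assumes OpenSSH keyword names and defaults, ignores `Include` files and `AuthenticationMethods`, and the function names and sample config are constructed for illustration.

```python
import re

# OpenSSH defaults; sshd uses the FIRST value it reads for each keyword.
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes"}
# Deprecated alias still found in older configs.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

# Constructed sample config (not from the original post).
SAMPLE = """\
PasswordAuthentication no
PasswordAuthentication yes   # ignored: an earlier line already set it
ChallengeResponseAuthentication no
Match Address 192.0.2.0/24
    PasswordAuthentication yes
"""


def effective_settings(config_text):
    """Return (global settings, list of (match, keyword, value) overrides)."""
    seen, overrides, match = {}, [], None
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key == "match":
            match = value              # later lines apply only to this block
        elif key in DEFAULTS and match is None:
            seen.setdefault(key, value.lower())
        elif key in DEFAULTS:
            overrides.append((match, key, value.lower()))
    return {**DEFAULTS, **seen}, overrides


def audit(config_text):
    """List settings that would still let a client log in with a password."""
    settings, overrides = effective_settings(config_text)
    findings = [f"global: {k} is {settings[k]}"
                for k in ("passwordauthentication", "kbdinteractiveauthentication")
                if settings[k] != "no"]
    if settings["pubkeyauthentication"] != "yes":
        findings.append("global: pubkeyauthentication is disabled")
    findings += [f"Match {m}: {k} is {v}" for m, k, v in overrides
                 if k != "pubkeyauthentication" and v != "no"]
    return findings
```

Calling `audit(SAMPLE)` reports only the `Match` block, and `audit("")` shows that an empty config still accepts passwords because of the defaults.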