Security by Obscurity

Just realized that our client follows the policy of not allowing root ssh login for security reasons. it does make sense for quick security dev box. ButI would be surprised if they follow only that for the production box. But for all i know, they might be.
(I was talking about it in the context of this: http://serverfault.com/questions/244614/is-it-normal-to-get-hundreds-of-break-in-attempts-per-day)
After all, Security by Obscurity, is good enough in certain narrow conditions, if you want to stop DDOS attacks via a open ssl port.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s