198

Lemmy, what are some of your "oh shit" work stories? (lemmy.blahaj.zone)

submitted 10 months ago by Dio9sys@lemmy.blahaj.zone to c/asklemmy@lemmy.ml

162 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[-] boatswain@infosec.pub 15 points 10 months ago

I see this claim all the time, and it bugs me every time. Obfuscation is a perfectly reasonable part of a defense in depth solution. That's why you configure your error messages on production systems to give very generic error messages instead of the dev-centric messages with stack traces on lower environments, for example.

The problem comes when obscurity is your only defense. It's not a full remediation on its own, but it has a part in defense in depth.

[-] dan@upvote.au 7 points 10 months ago

Changing the port isn't really much obfuscation though. It doesn't take long to scan all ports for the entire IPv4 range (see masscan)

[-] lud@lemm.ee 5 points 10 months ago

It helps against stupid automated attacks though.

If someone has changed the port it's likely that they have set up a great password or disabled password auth all together.

It's worth it for just having cleaner logs and fewer attempts.

[-] dan@upvote.au 3 points 10 months ago

It’s worth it for just having cleaner logs

Those logs are useful to know which IPs to permanently block :)

[-] peter@feddit.uk 2 points 10 months ago

Technically a password is obfuscation anyway

this post was submitted on 14 Dec 2023

198 points (98.1% liked)

Asklemmy

43750 readers

1250 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy 🔍

If your post meets the following criteria, it's welcome here!

Open-ended question
Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
Not ad nauseam inducing: please make sure it is a question that would be new to most members
An actual topic of discussion

Looking for support?

Looking for a community?

Lemmyverse: community search
sub.rehab: maps old subreddits to fediverse options, marks official as such
!lemmy411@lemmy.ca: a community for finding communities

~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~

founded 5 years ago

MODERATORS