[lug] keeping up with attacks
Stephen Kraus
ub3ratl4sf00 at gmail.com
Sun May 5 09:39:41 MDT 2019
If you insist. Not going to get into the difference between VPN which does
not present you a login, and SSH, which does, but most Pen Testers and
Auditors are going to look at you funny for exposing SSH publicly.
Do what youd like, I'm just speaking as a Pen Tester and Infosec guy.
Most people exposing SSH are not enabling extra precautions that OpenVPN
uses by default. And most clients I run into dont enforce the extra
security in SSH we've talked about above.
I'm just going by what I've run into, if you feel secure using SSH straight
exposed, go for it. I dont recommend it, and the InfoSec world isnt fond of
it, but its just my opinion at this point.
On Sat, May 4, 2019, 11:29 PM Zan Lynx <zlynx at acm.org> wrote:
> On 5/4/2019 8:11 PM, Stephen Kraus wrote:
> > Still no reason to expose it openly to the internet, at least no all the
> > time.
>
> Then it is equally foolish to expose OpenVPN or IPsec or any other service.
>
> --
> Knowledge is Power -- Power Corrupts
> Study Hard -- Be Evil
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lug.boulder.co.us/pipermail/lug/attachments/20190505/b1d1438a/attachment-0001.html>
More information about the LUG
mailing list