Changing the SSH port from the default can be one part of a full defense strategy. The term "defense in depth" means there is more than one defensive mechanism, typically so that if a baddie is able to circumvent one mechanism, they'll be trapped by another. In this case, moving the SSH port massively reduces exposure to naive port scanners. I agree it's not a particularly strong protection, but it's a practical one (at least until everybody does this, at which point the cloud providers will just start adding port knockers).
> In terms of computer network defense, defense in depth measures should not only prevent security breaches, but also buy an organization time to detect and respond to an attack, thereby reducing and mitigating the consequences of a breach.
3 comments
[ 2.8 ms ] story [ 17.7 ms ] thread> In terms of computer network defense, defense in depth measures should not only prevent security breaches, but also buy an organization time to detect and respond to an attack, thereby reducing and mitigating the consequences of a breach.