Dedicated Server IPMI and providers exposing them to the public network


Comments

  • trewq Administrator, Patron Provider

    @jon617 said:
    Note to providers. If you cannot do any of the above, run your IPMIs on alternate ports that would be difficult to guess. Don't run on ports 80/443. Lessens the security risk a little.

    Security by obscurity isn't very effective.

  • jon617 Veteran
    edited January 2017

    @trewq said:
    Security by obscurity isn't very effective.

    Yup. I said "little", not "effective". :-)

    If you're going to have a security hole, at least don't make it super obvious.

  • bsdguy

    @trewq said:

    @jon617 said:
    Note to providers. If you cannot do any of the above, run your IPMIs on alternate ports that would be difficult to guess. Don't run on ports 80/443. Lessens the security risk a little.

    Security by obscurity isn't very effective.

    Wrong.

    First because it actually does work quite well. Taking ssh, for instance, from 22 to, say, 32547 will very much decrease the number of attacks (I guess most of them are by script kiddies running "c001 31i43 hackzors" scripts ...).

    Second because crypto is obscurity generation. What are you doing when you encrypt "I love cookies!" with aes-256? You create obscurity. In fact you create high quality obscurity (e.g. properly random looking).

    The "wisdom" repeated by you should be "creating security in obscure ways is insecure" because in ITsec we are very serious about mathematically sound, published, and thoroughly checked algorithms - but those algorithms then create ... obscurity.

  • trewq Administrator, Patron Provider

    @bsdguy said:

    @trewq said:

    @jon617 said:
    Note to providers. If you cannot do any of the above, run your IPMIs on alternate ports that would be difficult to guess. Don't run on ports 80/443. Lessens the security risk a little.

    Security by obscurity isn't very effective.

    Wrong.

    First because it actually does work quite well. Taking ssh, for instance, from 22 to, say, 32547 will very much decrease the number of attacks (I guess most of them are by script kiddies running "c001 31i43 hackzors" scripts ...).

    Second because crypto is obscurity generation. What are you doing when you encrypt "I love cookies!" with aes-256? You create obscurity. In fact you create high quality obscurity (e.g. properly random looking).

    The "wisdom" repeated by you should be "creating security in obscure ways is insecure" because in ITsec we are very serious about mathematically sound, published, and thoroughly checked algorithms - but those algorithms then create ... obscurity.

    You knew exactly what I meant. No need to be a dick.

    Thanked by 1: Hxxx
  • trewq

    Sorry, but you see I'm working in ITsec and you can probably hardly imagine how often I hear that dogma. Hell, I even have young colleagues who repeat it.

    I suggest you take my rant not as dickiness but rather as a useful excursion into ITsec ;)
