Comment on Basic Security for your Website | Loudwhisper
LostXOR@fedia.io 3 months agoYeah, I just left my SSH port as 22 since I only use key-based authentication so there's really no security risk. Plus, it's funny going through the logs and looking at all the login attempts.
loudwhisper@infosec.pub 3 months ago
Yep I agree. Especially looking at all the usernames that are tried. I do the same and the only risk come from SSH vulnerabilities. Since nobody would burn a 0-day for SSH (priceless) on my server, unattended upgrades solve this problem too for the most part.
kitnaht@lemmy.world 3 months ago
I mean we just had nvd.nist.gov/vuln/detail/CVE-2024-6387 – so my guess is that you’re updating quite often to be so confident in your unattended upgrades.
loudwhisper@infosec.pub 3 months ago
Yeah I know (I mentioned it myself in the post), but realistically there is no much you can do besides upgrading. Unattended upgrades kick in once a day and you will install the security patches ASAP. There are also virtual patches (crowdsec has a virtual patch for that CVE), but they might not be very effective.
I argue that VPN software is a smaller attack surface, but the problem still exists (CVEs) for everything you expose.