Stop it right now. It does not help your threat environment. It just makes things worse.

  • Laser
    1 day ago

    I don’t really agree with the video on a number of points, though I’d say that changing the port is not a security feature but a convenience feature.

    The privileged port is probably the best argument; however, the attack mentioned here would only work for users who have not connected to the host before, as otherwise you’d get a host key check failure. The host key wouldn’t be readable by an attacker in the case mentioned, and you wouldn’t be able to steal passwords if the user uses key authentication only.

    Only allowing certain IPs won’t work in a lot of non-commercial environments, and fail2ban can be used for DOSing the server as the attacker can spoof the sending IP to a legitimate one, denying access.
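
The host key check mentioned in the comment above, sketched as an added example (not part of the original comment and not OpenSSH's own code): a client-side lookup against `known_hosts` that separates a pinned host presenting a different key from a host never seen before. The function names, hostnames and key blobs are constructed for illustration.

```python
import base64, hashlib, hmac

def host_field_matches(field, name):
    """Match a known_hosts host field: plain comma list or hashed |1|salt|hash."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), name.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return name in field.split(",")  # wildcard patterns are not handled here

def check_host_key(known_hosts, host, port, keytype, key_b64):
    """Return 'match', 'mismatch' (pinned key differs) or 'unknown' (never seen)."""
    # OpenSSH stores non-default ports as [host]:port, so each port is pinned separately.
    name = host if port == 22 else f"[{host}]:{port}"
    pinned = False
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue  # skip blanks, comments and @cert-authority/@revoked markers
        if host_field_matches(fields[0], name) and fields[1] == keytype:
            if fields[2] == key_b64:
                return "match"
            pinned = True
    return "mismatch" if pinned else "unknown"

# Constructed sample data: the key blobs are placeholders, not real SSH keys.
b64 = lambda raw: base64.b64encode(raw).decode()
KEY_REAL, KEY_ROGUE = b64(b"constructed-server-key"), b64(b"constructed-rogue-key")
SALT = b"constructed-salt"
HASHED = "|1|%s|%s" % (b64(SALT), b64(hmac.new(SALT, b"[git.example.test]:2222", hashlib.sha1).digest()))
KNOWN_HOSTS = f"""# constructed known_hosts
[srv.example.test]:2222 ssh-ed25519 {KEY_REAL}
{HASHED} ssh-ed25519 {KEY_REAL}
"""

if __name__ == "__main__":
    for host, key in [("srv.example.test", KEY_REAL), ("srv.example.test", KEY_ROGUE),
                      ("git.example.test", KEY_ROGUE), ("new.example.test", KEY_ROGUE)]:
        print(host, check_host_key(KNOWN_HOSTS, host, 2222, "ssh-ed25519", key))
```

Only the `unknown` result leaves the user to accept a key on trust; a pinned host that presents a different key is reported as `mismatch`.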