Uh, no. While the basic risk formula is pretty much the standard one, the author fails to distinguish between the likelihood of a random or opportunistic attacker (the “most people” of the article) and a targeting/persistent attacker being deterred by a port number change.
If you have high value assets and are being targeted, changing the SSH port number has virtually no effect on likelihood. Blocking port scans?
Great, they will pay someone in your org $500 for an .ssh/config. Or $5000.
Changing SSH port numbers and the other mechanisms in this article are so much bike shedding.
Do the hard work first. Implement multiple layers, patching, monitoring, thresholds for automatic disconnect, etc.
(Aside: why do you even think the president is in that convoy? They may well be elsewhere, moved into the third suburban at the last possible invisible moment.)
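The "thresholds for automatic disconnect" the commenter mentions are the kind of control that actually reduces likelihood against an opportunistic attacker. As an added example (not code from the thread or from the article under discussion), the script below scans constructed sshd auth-log lines, keeps a sliding window of failed logins per source address, and emits a block decision once a threshold is crossed. The threshold (5 failures in 120 seconds), the year used to complete the syslog timestamps, and the `nft` set name `ssh_block` are all assumptions chosen for the demonstration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample sshd log lines (not taken from any real host).
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51000 ssh2
Mar  3 10:00:03 host sshd[1202]: Failed password for root from 203.0.113.7 port 51001 ssh2
Mar  3 10:00:04 host sshd[1203]: Failed password for invalid user test from 203.0.113.7 port 51002 ssh2
Mar  3 10:00:06 host sshd[1204]: Failed password for root from 203.0.113.7 port 51003 ssh2
Mar  3 10:00:07 host sshd[1205]: Failed password for root from 203.0.113.7 port 51004 ssh2
Mar  3 10:00:09 host sshd[1206]: Accepted publickey for alice from 198.51.100.5 port 40000 ssh2: ED25519 SHA256:abc
Mar  3 10:05:00 host sshd[1207]: Failed password for bob from 198.51.100.9 port 40010 ssh2
Mar  3 10:20:00 host sshd[1208]: Failed password for bob from 198.51.100.9 port 40011 ssh2
"""

# Matches the common OpenSSH "Failed password" / "Accepted <method>" auth lines.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<event>Failed password|Accepted \w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse_line(line, year=2024):
    """Parse one sshd auth line; returns None for lines that are not auth events.

    Syslog timestamps carry no year, so the year is an assumed parameter.
    """
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {
        "ts": ts,
        "failed": m["event"] == "Failed password",
        "user": m["user"],
        "ip": m["ip"],
    }


def find_lockouts(log_text, threshold=5, window_seconds=120):
    """Return {ip: time_of_first_lockout} for sources that hit `threshold`
    failed logins inside any `window_seconds` sliding window.

    Successful logins are ignored; a source is only reported once.
    """
    recent = defaultdict(deque)  # ip -> timestamps of recent failures
    lockouts = {}
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or not ev["failed"]:
            continue
        q = recent[ev["ip"]]
        q.append(ev["ts"])
        # Drop failures that have aged out of the window.
        while (ev["ts"] - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold and ev["ip"] not in lockouts:
            lockouts[ev["ip"]] = ev["ts"]
    return lockouts


def block_commands(lockouts):
    """Render one nftables command per locked-out source.

    Assumes a pre-existing set `ssh_block` in table `inet filter` that the
    input chain already drops from; the set name is an assumption.
    """
    return [f"nft add element inet filter ssh_block {{ {ip} }}" for ip in sorted(lockouts)]


if __name__ == "__main__":
    hits = find_lockouts(SAMPLE_LOG)
    for ip, when in hits.items():
        print(f"lockout {ip} at {when:%H:%M:%S}")
    for cmd in block_commands(hits):
        print(cmd)
```

With the defaults, only 203.0.113.7 is reported (five failures in six seconds); the two failures from 198.51.100.9 fifteen minutes apart never accumulate inside the window, which is the point of using a sliding window rather than a lifetime counter. Tune `threshold` and `window_seconds` to the traffic you actually see before wiring the block commands to anything that executes them.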
I don't think the author is discouraging anyone from doing the "hard work", but rather encouraging them to do the easy work to further protect all that hard work at low added cost.
My issue with that is that, since people have to choose how to spend their time, they may opt to do the easy work first, for very little value, and then never get to the hard work, because they are busy/overloaded.
The article oversells the value of this easy work and may lead some astray, lulling them into a false sense of security.
> (Aside: why do you even think the president is in that convoy? They may well be elsewhere, moved into the third suburban at the last possible invisible moment.)
Unless they are actively repelling an attack, I can guarantee you that the President is absolutely not anywhere except the Beast. All of the other vehicles in the motorcade are less armored, and do not carry the critical items the President may need, namely his blood. The standard operating procedure if the President's motorcade is attacked is to exfil the President while the CAT (Counter Assault Team) lays down massive amounts of suppressing fire. To that goal, the Beast is the safest vehicle for the President to be riding in.