
This is my concern. Massively enlarging my attack surface because "OMGZ NSA" is just bad advice. I don't think people who write these guides have a holistic picture of security or understand its best practices. We can't just keep tacking on services and questionable tricks because of feel good politics and faith in obscurity.

It reminds me of people who use things like ssh password lockouts. Why aren't you using keys or firewalling off to only IPs that need to connect? Or tacking on SSL here and there instead of using a proper VPN.

Security should lean towards simplicity and best practices, not towards a kitchen sink approach that might just make things worse for you via complexity and surface raising.



Completely agreed. Focus on what you know to be an exposure (i.e. publicly accessible ports) versus what you are guessing might be an exposure. To put it another way, fix what you know to be broken.
