Need urgent help regarding security
Josh Paetzel
josh at tcbug.org
Fri Nov 18 10:46:28 PST 2005
On Friday 18 November 2005 01:20 am, ray at redshift.com wrote:
> At 02:42 PM 11/18/2005 +1000, Timothy Smith wrote:
> | i have seen a similar attack recently doing a brute force ssh.
> | the number ONE weakness in most poorly run IT systems, is easy
> | passwords. it's amazingly easy to brute force these systems using
> | common names or variations of them.
>
> Speaking of SSH, if you have to provide SSH service via a public
> IP# (and you are unable to limit traffic to just specific
> management/workstation IP#'s), then it's always a good idea to
> confirm that root login is not enabled in /etc/ssh/sshd_config.
> This makes a brute force attack much more difficult, since a
> would-be attacker not only has to hit the correct password, but
> they also have to know a valid username on the system (as opposed
> to just using 'root') during an attack.
>
> Also, if you have access to the router, it's handy to re-write
> traffic from a higher public port down to port 22 on the server,
> since that will trip up anyone doing scans looking for a connect on
> port 22 across a large number of IP's.
>
> Anyway, just a couple of ideas I thought might be helpful while on
> the subject of SSH hardening :-)
>
> Ray
Use public/private keys WITH hardened pass-phrases. If you aren't
sure how secure your pass-phrases are, run John the Ripper on them.
Allow only the bare minimum of remote networks to access ssh. Make
sure that only the users that need shells have them. Make double
sure that users for mail/pop do NOT have shells. Oftentimes
brute-force attacks will be directed at account names gleaned from
emails.
--
Thanks,
Josh Paetzel
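The checks discussed in this thread (root login disabled in sshd_config, key-based instead of password authentication, an explicit allow-list of users, and no interactive shells for mail-only accounts) can be scripted. The following is an added example written for this page, not code from Josh, Ray, or the FreeBSD project; the sshd_config and passwd excerpts are constructed inline so it runs offline, and the function and variable names are the example's own.

```sh
#!/bin/sh
# Added example: audit an sshd_config and a passwd file for the weaknesses
# named in the thread. All input below is constructed for the demonstration.

# Constructed sshd_config as it might look with stock settings.
SAMPLE_SSHD_CONFIG='# constructed sample
Port 22
PermitRootLogin yes
PasswordAuthentication yes
#AllowUsers admin
'

# Constructed sshd_config after the hardening the thread recommends.
SAMPLE_HARDENED='Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers admin
'

# Constructed /etc/passwd excerpt: two mail-only accounts, one of which
# was wrongly given a shell.
SAMPLE_PASSWD='root:*:0:0:Charlie &:/root:/bin/csh
mailuser1:*:1001:1001:Mail Only:/home/mailuser1:/bin/sh
mailuser2:*:1002:1002:Mail Only:/home/mailuser2:/usr/sbin/nologin
admin:*:1003:1003:Admin:/home/admin:/bin/sh
'

# sshd_option CONFIGTEXT KEYWORD
# Prints the value of the first active (uncommented) directive for KEYWORD,
# because sshd uses the first occurrence of a keyword, not the last.
# Prints "unset" when the keyword is absent or only appears commented out.
sshd_option() {
    printf '%s\n' "$1" | awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print "unset" }'
}

# audit_sshd_config CONFIGTEXT
# Prints one "WEAK:" line per finding. An unset keyword is judged by the
# OpenSSH default of that era (PermitRootLogin yes, PasswordAuthentication yes).
audit_sshd_config() {
    v=$(sshd_option "$1" PermitRootLogin)
    case "$v" in
        no|without-password|prohibit-password) ;;
        *) echo "WEAK: PermitRootLogin is '$v' (root password can be brute forced)" ;;
    esac

    v=$(sshd_option "$1" PasswordAuthentication)
    case "$v" in
        no) ;;
        *) echo "WEAK: PasswordAuthentication is '$v' (prefer keys with pass-phrases)" ;;
    esac

    u=$(sshd_option "$1" AllowUsers)
    g=$(sshd_option "$1" AllowGroups)
    if [ "$u" = unset ] && [ "$g" = unset ]; then
        echo "WEAK: no AllowUsers/AllowGroups; every account with a shell is a target"
    fi
}

# weak_count CONFIGTEXT -> number of WEAK findings (0 for a hardened config)
weak_count() {
    audit_sshd_config "$1" | grep -c '^WEAK:'
}

# shell_users PASSWDTEXT
# Prints login names whose shell field is interactive (not nologin/false),
# i.e. the accounts a password guesser could actually log in as.
shell_users() {
    printf '%s\n' "$1" | awk -F: 'NF >= 7 && $7 !~ /(nologin|false)$/ { print $1 }'
}

# shell_user_count PASSWDTEXT -> number of accounts with an interactive shell
shell_user_count() {
    shell_users "$1" | awk 'END { print NR }'
}

echo "== stock config =="
audit_sshd_config "$SAMPLE_SSHD_CONFIG"
echo "== hardened config =="
audit_sshd_config "$SAMPLE_HARDENED"
echo "== accounts with interactive shells (review against who needs one) =="
shell_users "$SAMPLE_PASSWD"
```

On a live host the same functions take real files, e.g. `audit_sshd_config "$(cat /etc/ssh/sshd_config)"` and `shell_users "$(cat /etc/passwd)"`; the output of the second is the list to compare against the people who genuinely need a login, with the mail/pop-only accounts moved to nologin.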