Date:      Fri, 18 Nov 2005 12:40:40 -0600
From:      Josh Paetzel <josh@tcbug.org>
To:        freebsd-security@freebsd.org
Cc:        Timothy Smith <timothy@open-networks.net>, ray@redshift.com
Subject:   Re: Need urgent help regarding security
Message-ID:  <200511181240.40429.josh@tcbug.org>
In-Reply-To: <3.0.1.32.20051117232057.00a96750@pop.redshift.com>
References:  <3.0.1.32.20051117232057.00a96750@pop.redshift.com>


On Friday 18 November 2005 01:20 am, ray@redshift.com wrote:
> At 02:42 PM 11/18/2005 +1000, Timothy Smith wrote:
> | I have seen a similar attack recently doing a brute force ssh.
> | The number ONE weakness in most poorly run IT systems is easy
> | passwords. It's amazingly easy to brute force these systems using
> | common names or variations of them.
>
> Speaking of SSH, if you have to provide SSH service via a public
> IP# (and you are unable to limit traffic to just specific
> management/workstation IP#'s), then it's always a good idea to
> confirm that root login is not enabled in /etc/ssh/sshd_config.
> This makes a brute force attack much more difficult, since a
> would-be attacker not only has to hit the correct password, but
> they also have to know a valid username on the system (as opposed
> to just using 'root') during an attack.
>
> Also, if you have access to the router, it's handy to re-write
> traffic from a higher public port down to port 22 on the server,
> since that will trip up anyone doing scans looking for a connect on
> port 22 across a large number of IP's.
>
> Anyway, just a couple of ideas I thought might be helpful while on
> the subject of SSH hardening :-)
>
> Ray

Use public/private keys WITH hardened pass-phrases.  If you aren't
sure how secure your pass-phrases are, run john the ripper on them.
Allow only the bare minimum of remote networks to access ssh.  Make
sure that only the users that need shells have them.  Make double
sure that users for mail/pop do NOT have shells.  Oftentimes
brute-force attacks will be directed at account names gleaned from
emails.



-- 
Thanks,

Josh Paetzel
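One way to audit a host against the points raised in this thread (root login off, key-only authentication, no shells for mail-only accounts), as an added example that is not from the thread or from FreeBSD's own tooling; it takes the sshd_config and passwd paths as arguments and runs on constructed sample files:

```shell
#!/bin/sh
# Added example, not from the thread: audit a host against the points raised
# above (root login off, key-only auth, no shells for mail-only accounts).
# The config and passwd files are parameters, so the demo below runs on
# constructed samples; on a real host pass /etc/ssh/sshd_config and /etc/passwd.

# Print the effective value of an sshd_config keyword. sshd honours the first
# uncommented occurrence of a keyword, and keywords are case-insensitive.
# (Match blocks are not handled here.)
sshd_setting() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# Return 0 if the config explicitly disables root login and password
# authentication, 1 otherwise; each weak or missing setting is reported.
check_sshd() {
    rc=0
    for kv in "PermitRootLogin=no" "PasswordAuthentication=no"; do
        key=${kv%=*}; want=${kv#*=}
        got=$(sshd_setting "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "$1: $key is '${got:-unset}', expected '$want'"
            rc=1
        fi
    done
    return $rc
}

# List accounts with a real login shell: every one of them is a username a
# password-guessing client can try, so each should be a person who needs it.
shell_accounts() {
    awk -F: '$7 !~ /(nologin|false)$/ { print $1 }' "$1"
}

# Demo on constructed sample files (all values are made up for illustration).
demo_dir=$(mktemp -d)
printf '#PermitRootLogin no\nPasswordAuthentication yes\n' > "$demo_dir/sshd_config"
printf 'root:*:0:0:root:/root:/bin/csh\n'                         >  "$demo_dir/passwd"
printf 'alice:*:1001:1001:Alice:/home/alice:/bin/sh\n'             >> "$demo_dir/passwd"
printf 'pop1:*:1002:1002:Mail only:/nonexistent:/usr/sbin/nologin\n' >> "$demo_dir/passwd"
if check_sshd "$demo_dir/sshd_config"; then
    echo "sshd_config: ok"
fi
echo "Accounts with shells: $(shell_accounts "$demo_dir/passwd" | tr '\n' ' ')"
rm -rf "$demo_dir"
```

The demo config deliberately has root login commented out and password authentication left on, so both findings are reported; the passwd sample shows the pop-only account being excluded from the list of login shells.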


