22 March 2010
Defend Your SSH Server
If you manage one or more servers, chances are you employ SSH for remote management of those servers. If you’ve checked the logs for your SSH server (you do check your logs, don’t you?), chances are you’ve seen plenty of these:
Mar 21 12:25:15 odin sshd[28010]: Did not receive identification string from 61.184.104.106
Mar 21 12:29:32 odin sshd[28011]: Invalid user webmaster from 61.184.104.106
Mar 21 12:29:33 odin sshd[28011]: pam_unix(sshd:auth): check pass; user unknown
Mar 21 12:29:33 odin sshd[28011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.184.104.106
Mar 21 12:29:35 odin sshd[28011]: Failed password for invalid user webmaster from 61.184.104.106 port 53329 ssh2
Mar 21 12:29:41 odin sshd[28013]: User root from 61.184.104.106 not allowed because none of user's groups are listed in AllowGroups
Mar 21 12:29:41 odin sshd[28013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.184.104.106 user=root
Mar 21 12:29:43 odin sshd[28013]: Failed password for invalid user root from 61.184.104.106 port 56109 ssh2
Mar 21 12:29:45 odin sshd[28015]: Invalid user ftp from 61.184.104.106
Mar 21 12:29:45 odin sshd[28015]: pam_unix(sshd:auth): check pass; user unknown
Mar 21 12:29:45 odin sshd[28015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.184.104.106
Mar 21 12:29:47 odin sshd[28015]: Failed password for invalid user ftp from 61.184.104.106 port 59859 ssh2
There are countless ill-intentioned folks out there who would love to gain access to your system. SSH is a great doorway; all they need to do is find the key. Hopefully they haven’t (but if they had, would you know?), and today I’m going to show you 4 ways to keep your server safe. I won’t harangue you on strong passwords or using public keys instead of passwords; instead, I’ll show you other measures you can take to improve the security of those mechanisms.
27 August 2009
Security Through Obscurity in the News
Shortly after my previous post regarding security through obscurity, I spotted an article on ZDNet detailing a new vulnerability affecting Cisco wireless routers. If not for the reference to “skyjacking” in the title, I would have stopped reading halfway through the article and dismissed the whole thing as nothing more than a spot of sunshine lighting up a “vulnerability” in a network’s obscurity.
20 August 2009
Security Through Obscurity – Over-demonized?
Anyone who has spent any real time dealing with computer systems’ security has heard the phrase, “Security through obscurity is no security at all.” While I won’t make false claims that I’m an expert in the field of computer security, today I will apply common sense and some basic best practices and explain when this axiom is, in fact, false.
