LINUX.IE, website of the Irish Linux Users' Group

[ILUG] Help with web site security


kevin lists at cybercolloids.net
Thu Jan 5 11:15:36 GMT 2012


If you are looking at securing ssh we found that people tried to brute
force guess passwords on the ssh port about 2-3 times a week. Not really a
risk if you have a good password policy but fills the logs up. We looked
at various options and ended up using a few lines in iptables to monitor
connections and drop ones obviously from automated brute force crackers.
There are plenty of references on the internet - search for "ssh
iptables brute force" some examples are:

http://kevin.vanzonneveld.net/techblog/article/block_brute_force_attacks_with_iptables/

http://www.go2linux.org/linux/2010/04/stop-brute-force-attacks-these-iptables-examples-732

You can use it to block brute force attacks on any port.

I preferred it to log scanners like fail2ban because it works
immediately and is very simple to set up.

Kevin.


-----Original Message-----
From: Niall O Broin <niall at magicgoeshere.com>
To: Kevin Brennan <kevin.brennan at redsquared.com>
Cc: ilug at linux.ie
Subject: Re: [ILUG] Help with web site security
Date: Thu, 5 Jan 2012 09:50:04 +0000

On 5 Jan 2012, at 08:21, Kevin Brennan wrote:

> - make sure root access via ssh is disabled

I see this touted now and then. What is the rationale? What I hear offered is "Well, you first have to get access to an account, and then you have to have the root password" i.e. you're forcing one extra layer of security. Well, why not then force 2 extra, with e.g. hardware tokens. Or 3 extra, with IP address restrictions too.

> - move ssh from port 22

If moving ssh from port 22 enhances your security, then you're doing it wrongly. All that does is keep your log files less cluttered by getting rid of (most of) the script kiddies. The only way they can get in is by guessing passwords, and you absolutely should not allow password authenticated access via ssh for that very reason - key based access is the way to go.

> - install denyhosts

Or fail2ban, which can secure more than just ssh.


Niall
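
The kind of iptables connection rate limit Kevin's message describes, as an added example that is not part of the original thread and not taken from either linked article. The function name `ratelimit_rules`, the `IPT` variable, the `RL_<port>` list name and the 60 second / 4 connection thresholds are assumptions chosen for illustration; the script only prints the rules unless `IPT=iptables` is set.

```shell
#!/bin/sh
# Added example, not from the thread. ratelimit_rules, IPT and the RL_<port>
# list name are assumptions made for this sketch.

# Dry run by default: rules are printed, not applied.
# Set IPT=iptables and run as root to load them.
IPT="${IPT:-echo iptables}"

# ratelimit_rules PORT SECONDS HITCOUNT
# Drops a source address once it has opened HITCOUNT new connections to PORT
# within SECONDS. Returns 1 on invalid arguments.
ratelimit_rules() {
    port="$1"; seconds="$2"; hits="$3"

    # Accept plain decimal integers only, so nothing else reaches the rule.
    for n in "$port" "$seconds" "$hits"; do
        case "$n" in
            ''|*[!0-9]*) echo "not a number: '$n'" >&2; return 1 ;;
        esac
    done
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
        { echo "port out of range" >&2; return 1; }
    [ "$seconds" -ge 1 ] || { echo "seconds must be >= 1" >&2; return 1; }
    # xt_recent remembers 20 packets per address by default
    # (ip_pkt_list_tot); a larger hitcount is rejected at load time.
    [ "$hits" -ge 1 ] && [ "$hits" -le 20 ] ||
        { echo "hitcount must be 1-20" >&2; return 1; }

    list="RL_$port"

    # 1) Record the source address of every NEW connection to the port.
    #    Established sessions are never counted.
    $IPT -A INPUT -p tcp --dport "$port" -m conntrack --ctstate NEW \
        -m recent --name "$list" --set
    # 2) Drop when that address has HITCOUNT entries inside SECONDS.
    #    --update refreshes the timestamp on every match, so a client that
    #    keeps retrying stays blocked until it goes quiet.
    $IPT -A INPUT -p tcp --dport "$port" -m conntrack --ctstate NEW \
        -m recent --name "$list" --update --seconds "$seconds" \
        --hitcount "$hits" -j DROP
}

# SSH on port 22: the 4th new connection from one address in 60 s is dropped.
ratelimit_rules 22 60 4
```

Because the rules are appended with `-A`, they only take effect if they sit ahead of whatever rule accepts traffic to that port.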






