On Tuesday 27 July 2004 12:30 pm, Greg Watson wrote:
> If you're not already doing so, I recommend to disable password
> interactive login and enforce key only logins. This will prevent some
> of the ssh exploits, brute-force attacks, and general script kiddies.

I saw these attempts a couple days ago, and increased the security levels on
some of our machines.

Our policy, when possible, is to implement IPTables rules. Create a trusted
network within a small subset of your network. Lock down SSH from these
IPs, and any specific admin's IPs, to specific destination IPs on the hosts.
This will require being on the trusted network or an admin's network and
connecting to the magic destination IP to even see ssh.

I prefer to do this in a firewall because it's easier to find connection
problems in the future than in sshd configs, especially the larger the network
you have to maintain. The first place any of your admins will check is the
firewall.

Also, for those that have access, configure your authenticating firewalls to
block port 22 from anywhere and require authentication to open the network.
But, most that have these should already be doing this ;)

This is probably a little anal for kiddy attacks, but it's good measure
if/when the next zero day ssh worm is really out.

Rob


--
gentoo-security@g.o mailing list
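The firewall policy Rob describes (SSH reachable only from a trusted subnet and named admin hosts, and only on one chosen destination address on the host, with everything else dropped) as an added example that is not part of the thread. All addresses are constructed placeholders; IPT defaults to "echo iptables" so the script prints the rules for review instead of applying them, and running it with IPT=iptables as root applies them for real.

```shell
#!/bin/sh
# Added example, not from the original mailing-list post.
# Generates iptables INPUT rules that expose sshd only to a trusted
# management subnet and individual admin workstations, each restricted to
# a single destination IP on the host, and drops every other packet to
# port 22 so scanners never see the service.
# IPT="echo iptables" prints the rules (dry run); IPT=iptables applies them.

IPT="${IPT:-echo iptables}"

# ssh_rules TRUSTED_NET DEST_IP [ADMIN_IP ...]
ssh_rules() {
    trusted_net="$1"
    dest_ip="$2"
    shift 2

    # Sessions already established keep working while rules are reloaded
    $IPT -A INPUT -p tcp --dport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Trusted management subnet may open new SSH sessions, but only to the
    # designated destination address on this host
    $IPT -A INPUT -p tcp --dport 22 -s "$trusted_net" -d "$dest_ip" -m state --state NEW -j ACCEPT

    # Each admin workstation gets the same narrow allowance
    for admin in "$@"; do
        $IPT -A INPUT -p tcp --dport 22 -s "$admin" -d "$dest_ip" -m state --state NEW -j ACCEPT
    done

    # Everything else aimed at port 22 is logged (rate-limited so a scan
    # cannot flood syslog) and then silently dropped
    $IPT -A INPUT -p tcp --dport 22 -m limit --limit 5/min -j LOG --log-prefix "ssh-denied: "
    $IPT -A INPUT -p tcp --dport 22 -j DROP
}

# Self-check helper: number of rules that admit NEW SSH connections.
# Expected to equal 1 (trusted subnet) + number of admin hosts.
count_accepts() {
    ssh_rules "$@" | grep -c -- '--state NEW -j ACCEPT'
}

# Constructed sample site: trusted subnet 10.0.5.0/24, sshd reachable on
# 10.0.1.10 only, plus two admin workstations
ssh_rules 10.0.5.0/24 10.0.1.10 192.0.2.15 192.0.2.16
```

The final DROP is what gives the "can't even see ssh" behaviour from the post: unlisted sources get no RST and no banner, so a port scan reports the port as filtered rather than open. Keeping the rule set in a script like this, rather than spread across sshd configs, is also what makes it the first place an admin looks when a connection fails.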