SANS and several other security resources are pointing out a jump in the number of brute-force attempts on SSH services. Some companies and universities are reporting that there is a jump from a small handful of attacks to several thousands of attempts over the past week or so.
Attacks on SSH are taking off. How well is your server secured? (IMG:DSPLabs.com.au)
The SANS alert advised systems administrators and security teams to take steps to protect their systems, as a new pattern started to emerge from system logs. “From the most recent reports I have seen, the attackers have been using either ‘low and slow’ style attacks to avoid locking out accounts and/or being detected by IDS/IPS systems. Some attackers seem to be using botnets to do a distributed style attack, which also is not likely to exceed thresholds common on the network,” reported Scott Fendley of SANS ISC.
In truth, a Dshield report (http://www.dshield.org/port.html?port=22) provided by SANS shows a huge jump in attacks. Likewise, there is an interesting report provided by Deny Hosts showing a growing trend. (http://stats.denyhosts.net/stats.html)
If your company relies on SSH, then there are some steps to take to add layers of security. The first is to use strong password protection and never use easily guessed passwords or words located in a dictionary of any language. The better method is to use multi-factor or public key authentication, something SANS stresses in their alert.
Locking shell access down and allowing public access to only the services that are essential is another security step. In addition, restricting public point access and limiting the number of ways to enter a system is recommended. There are software packages that use IP Tables to lock down services and restrict access, as well as monitor failed logins and provide some measure of defense.
Jeanna Matthews and Jim Owens of Clarkson University wrote a paper mentioned in the SANS alert that is quite handy, if you are worried about the SSH attempts recently start with this paper during your research. http://people.clarkson.edu/~owensjp/pubs/leet08.pdf
View blog reactions
There are currently no comments for this article. Be the first to comment! (no registration required)
Advertising
There are currently no comments for this article. Be the first to comment! (no registration required)