[GLLUG] Maybe OT - Fail2ban and what triggers it
damion.yates at gmail.com
Mon Mar 18 23:02:46 UTC 2013
On Mon, 18 Mar 2013, Mike Brodbelt wrote:
> I've never been convinced by most of the "advice" on securing SSH.
> Port alterations and similar pre-auth shenanigans don't add a great
> deal of actual security, they just remove rubbish from the logs which
> makes people feel better.
The fact that logs show zero attempts to access is important.
You're able to see non-automated attempts to exploit your server, much
more likely to be an intentional attempt directed at your machine rather
than just a botnet trying to grow in size.
There have been exploits in the ssh daemon itself permitting access via
cleverly crafted code able to connect to said host.
> If there is a problem with SSH security, it's that passwords chosen by
> users are typically poor
This is all good advice. But don't _just_ trust authentication.
I would recommend complex port knocking, and firewall rules
permitting only certain networks, as extremely sensible on top of
improved authentication.
- Damion
--
Damion Yates - Google UK Ltd
Belgrave House, 76 Buckingham Palace Rd, London SW1W 9TQ - reg:3977902