[Nottingham] Security on Linux
Steve Caddy
steve.m.caddy at ntlworld.com
Thu Jun 26 11:42:19 BST 2008
Ron Wilton wrote:
> Can you tell me a little more about 'ssh' and 'casual poking on port 22',
> please?
Basically, ssh is the more secure replacement for telnet (which is now pretty
much deprecated), so you can remotely login to your computer, to access a
command prompt. It's normally accessed via port 22 on your computer's network
interface (like http (web) is normally served on port 80). It's fairly common
for casual hackers to probe port 22 to see if they can get a ssh login prompt.
Of course, without a valid username and password, they won't be able to login.
However, what I normally do, is change the port to something non-standard, so
that I know where it is, should I want to login, but to the casual hacker, it
looks like the machine isn't offering ssh login, because port 22 doesn't respond.
Of course, there's nothing you can do about a hacker probing all the ports in
turn to find out what services are provided on which ports to try to find a way
in, but then it's pretty obvious that someone's trying to attack your machine,
and it isn't a "mistaken IP/accidental attempt". If you find someone port
scanning your machine (which you'll see clearly in the logs, complete with time
and source address), that's normally sufficient grounds to alert the domain
owner (usually the ISP) that someone (whose IP address and the times you can
supply from your log) is doing something naughty, which may be breaking the
ISP's Acceptable Use Policy.
As long as you've got up to date versions of the services that you're
providing, then your machine will be pretty secure. The weakest link will
probably always be the username and password pair, unless there's an
undiscovered way of causing a buffer or stack overflow by sending specially
constructed messages to the service to exploit the vulnerability. But that's
pretty much always going to be a risk on any system, which can only be
mitigated by using tried, tested, and mature services, where such problems will
have already been discovered and fixed.
Steve
--
Steven M Caddy, MEng ------------------------------------------------------
"Hardware - the part of the computer you kick when the software fails"
Email: steve.m.caddy at ntlworld.com
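
Added example, not part of the original post: a sketch of the log check the message describes, separating a lone poke at port 22 from a source that walks many ports, and keeping the times and source address an abuse report needs. The netfilter LOG-style line format, the sample lines, the threshold of 5 ports and the function names are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in netfilter LOG style (assumed format, documentation IPs).
SAMPLE_LOG = """\
Jun 26 03:14:01 box kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=21 SYN
Jun 26 03:14:01 box kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40113 DPT=23 SYN
Jun 26 03:14:02 box kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40114 DPT=25 SYN
Jun 26 03:14:02 box kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40115 DPT=80 SYN
Jun 26 03:14:03 box kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40116 DPT=110 SYN
Jun 26 03:14:03 box kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40117 DPT=443 SYN
Jun 26 09:30:12 box kernel: IN=eth0 OUT= SRC=198.51.100.77 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=22 SYN
Jun 26 09:30:15 box kernel: IN=eth0 OUT= SRC=198.51.100.77 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=22 SYN
Jun 26 09:31:00 box kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=UDP SPT=5353 DPT=53
Jun 26 09:32:00 box sshd[812]: Server listening on 0.0.0.0 port 2222.
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*?\bSRC=(?P<src>\S+)\s"
    r".*?\bPROTO=TCP\b.*?\bDPT=(?P<dpt>\d+)")

def classify_sources(log_text, scan_threshold=5):
    """Group logged TCP probes by source address and label each source."""
    seen = defaultdict(lambda: {"ports": set(), "first": None, "last": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a firewall line, or not TCP
        rec = seen[m["src"]]
        rec["ports"].add(int(m["dpt"]))
        rec["first"] = rec["first"] or m["ts"]  # keep the earliest timestamp
        rec["last"] = m["ts"]
    report = {}
    for src, rec in seen.items():
        ports = sorted(rec["ports"])
        if len(ports) >= scan_threshold:
            kind = "port scan"         # many distinct ports: not an accident
        elif ports == [22]:
            kind = "casual ssh probe"  # only the default ssh port was tried
        else:
            kind = "isolated probe"
        report[src] = {"kind": kind, "ports": ports,
                       "first": rec["first"], "last": rec["last"]}
    return report

def abuse_lines(report):
    """Evidence lines (source, port count, time span) for the scans only."""
    return [f"{src}: {len(r['ports'])} ports probed, {r['first']} to {r['last']}"
            for src, r in sorted(report.items()) if r["kind"] == "port scan"]
```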