1 : Security
Unix Security
Institut für Experimentelle und Angewandte Physik, Christian-Albrechts-Universität zu Kiel
Debian crash course
2 : Security
Logging in to the system
- login at the console
- login via xdm/gdm/kdm
- remote login with telnet, rsh, ftp
- secure login with ssh, scp, slogin
- Pluggable Authentication Modules (PAM)
  - pam_cracklib: minimum requirements for passwords
  - pam_opie: one time passwords
3 : Security
Remote logins
- only via SSH, never with telnet; avoid ftp
- encrypted communication with SSH, so no eavesdropping (the password is also sent in cleartext by fetchmail without SSL or SSH tunneling)
- no login as root
- no empty passwords
- only ssh2, not ssh1
- login via authorized_keys
4 : Security
Improving security
- /etc/ssh/sshd_config
  - change the port (security by obscurity)
  - PasswordAuthentication no
  - PermitRootLogin no (problem with faubackup?)
  - restrict users
- /etc/hosts.allow, hosts.deny
- iptables (ssh_blocking)
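The sshd_config settings named on slides 3 and 4 (no password logins, no root login, no empty passwords, restricted users) can be checked mechanically. The following Python sketch is an added example, not part of the original slides; the sample configuration is constructed and the function names are the example's own. It honours two sshd parsing rules: the first value found for a keyword wins, and settings inside a Match block are not global.

```python
import re

# Values the slides ask for in /etc/ssh/sshd_config.
REQUIRED = {
    "passwordauthentication": "no",
    "permitrootlogin": "no",
    "permitemptypasswords": "no",
}

def parse_global(text):
    """Return {keyword: [args]} for the global section of an sshd_config."""
    seen = {}
    for raw in text.splitlines():
        m = re.match(r"(\w+)[\s=]+(.+)", raw.strip())
        if not m:                      # blank line, comment or bare keyword
            continue
        key = m.group(1).lower()       # keywords are case-insensitive
        if key == "match":             # conditional blocks are not global
            break
        seen.setdefault(key, m.group(2).split())   # first value wins in sshd
    return seen

def audit(text):
    """List deviations from the slides' recommendations."""
    cfg = parse_global(text)
    findings = []
    for key, want in REQUIRED.items():
        got = cfg.get(key)
        if got is None:
            findings.append(f"{key}: not set explicitly, sshd default applies")
        elif got[0].lower() != want:
            findings.append(f"{key}: is '{got[0]}', expected '{want}'")
    if "allowusers" not in cfg and "allowgroups" not in cfg:
        findings.append("no AllowUsers/AllowGroups: logins are not restricted to named accounts")
    return findings

# Constructed sample, not taken from a real host.
SAMPLE = """\
Port 2201
PermitRootLogin no
permitrootlogin yes
PasswordAuthentication yes
Match User backup
    PermitEmptyPasswords no
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On a live host, `sshd -T` prints the effective configuration including defaults and is the authoritative source for values the file leaves unset.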
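6 ~/.ssh/config : Security
Host
    # forward the local ssh-agent and the X11 display to the remote host
    ForwardAgent yes
    ForwardX11 yes
    # key-based login only, never offer a password
    PasswordAuthentication no
    # new host keys are accepted without asking
    StrictHostKeyChecking no
    # non-default sshd port
    Port 2201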
7 : Security
Ssh-faker

Ssh-faker 1.1

There's a worm out there that tries to log in through ssh using a long list of popular usernames and passwords. If you don't want it to succeed, it's a good idea to not let it connect to your actual sshd program. Ssh-faker was initially written to deal with buffer overflow attacks back when sshd was vulnerable (it may still be), but it works well for this too.

This program is called by /etc/hosts.deny whenever someone connects to port 22. Unless they type in a plaintext password or type the wrong password, they get an ssh-compatible error message, and a syslog message is generated. If they type in the right password, they are added to /etc/hosts.allow, and their next connection will reach the real sshd.

In my opinion, this is better than denying ip addresses as soon as they fail ssh logins three times because:
- I don't want to be locked out of my own computer if I can't type my password right for some reason (broken key on keyboard/fingers on wrong keys/too much caffeine+sugar?)
- This way, the /etc/hosts.deny file or iptables deny list doesn't grow all the time.
- The bad guys can't get more chances just by changing their ip address.
8 : Security
SSH vs Script Kiddies How-to Guide

Some idiot created a SSH worm that uses a dictionary attack to try to log into a computer over port 22. The worm tries to set up shop on your computer and tries to find the next vulnerable computer. This clogs up networks with bazillions of SSH login attempts.

A number of people created scripts that scan the system log files to identify the IP address of attackers and block them either using TcpWrappers or Netfilter. The problem with these approaches is that it consumes local computer resources. It also creates the risk that you can lock yourself out accidentally - maybe not a problem if the computer is in the next room, but it is a serious concern if the computer is far away on the other side of the globe.

Another solution is to set SSHD to use a different port. This will work, till the attacker adds a port scanner to his worm.

What is needed is a simple solution that consumes the resources of the attacker instead of your own. This little guide shows how to slow down SSH password authentication to accomplish this in a single line of code. This simple modification has been proven to completely defeat the attack, as discussed below.

Christian T. Steigies
9 : Security
Feb 20 09:53:54 batdaf sshd: Invalid user lpd from
Feb 20 09:53:58 batdaf sshd: Invalid user lpa from
Feb 20 09:54:01 batdaf sshd: Invalid user admin from
Feb 20 09:54:08 batdaf sshd: Invalid user admin from
Feb 20 09:54:13 batdaf sshd: Invalid user admin from
Feb 20 09:54:17 batdaf sshd: Invalid user ftpuser from
Feb 20 09:54:21 batdaf sshd: Invalid user ftpuser from
Feb 20 09:54:26 batdaf sshd: Invalid user ftpuser from
Feb 20 09:54:34 batdaf sshd: Invalid user ftpuser from
Feb 20 09:54:41 batdaf sshd: Invalid user ftpuser from
Feb 20 09:54:47 batdaf sshd: Invalid user ftpuser from
Feb 20 09:54:54 batdaf sshd: Invalid user ftpuser from
Feb 20 09:54:59 batdaf sshd: Invalid user mailtest from
Feb 20 09:55:03 batdaf sshd: Invalid user mailtest from
Feb 20 09:55:07 batdaf sshd: Invalid user mailtest from
Feb 20 09:55:11 batdaf sshd: Invalid user mailtest from
Feb 20 09:55:17 batdaf sshd: Invalid user mailtest from
Feb 20 09:55:25 batdaf sshd: Invalid user mailtest from
Feb 20 09:55:29 batdaf sshd: Invalid user testuser from
Feb 20 09:55:36 batdaf sshd: Invalid user testuser from
Feb 20 09:55:40 batdaf sshd: Invalid user testuser from
Feb 20 09:55:43 batdaf sshd: Invalid user testuser from
Feb 20 09:55:47 batdaf sshd: Invalid user testuser from
Feb 20 09:55:51 batdaf sshd: Invalid user testuser from
Feb 20 09:55:56 batdaf sshd: Invalid user sales from
Feb 20 09:56:00 batdaf sshd: Invalid user sales from
Feb 20 09:56:03 batdaf sshd: Invalid user sales from
Feb 20 09:56:13 batdaf sshd: Invalid user sales from
Feb 20 09:56:18 batdaf sshd: Invalid user sales from
Feb 20 09:56:22 batdaf sshd: Invalid user sales from
Feb 20 09:56:27 batdaf sshd: Invalid user sales from
10 with ssh_blocking : Security
Feb 20 14:31:33 batdaf sshd: Invalid user lpd from
Feb 20 14:31:35 batdaf sshd: Invalid user lpa from
Feb 20 14:31:38 batdaf sshd: Invalid user admin from
Feb 21 13:48:16 batdaf sshd: Invalid user delta from
Feb 21 13:48:19 batdaf sshd: Invalid user admin from
Feb 21 13:48:22 batdaf sshd: Invalid user test from
Feb 21 13:53:56 batdaf sshd: Invalid user project from
Feb 21 13:59:32 batdaf sshd: Invalid user jeeto from
Feb 21 14:05:10 batdaf sshd: Invalid user http from
Feb 21 14:53:01 batdaf sshd: Invalid user delta from
Feb 21 14:53:03 batdaf sshd: Invalid user admin from
Feb 21 14:58:36 batdaf sshd: Invalid user violet from
Feb 21 16:14:09 batdaf sshd: Invalid user from
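The two logs above differ in burst size: without blocking the attempts keep coming every few seconds, with ssh_blocking they arrive in groups of at most three. The following Python sketch is an added example, not part of the original slides; it groups "Invalid user" events per source into bursts and flags sources whose bursts exceed three attempts. The source addresses, the 60-second gap, the threshold and the year are assumptions of the example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample modelled on the slides' log lines; the source addresses are
# documentation addresses (RFC 5737) because the slides do not show them.
SAMPLE = """\
Feb 20 09:53:54 batdaf sshd: Invalid user lpd from 192.0.2.10
Feb 20 09:53:58 batdaf sshd: Invalid user lpa from 192.0.2.10
Feb 20 09:54:01 batdaf sshd: Invalid user admin from 192.0.2.10
Feb 20 09:54:08 batdaf sshd: Invalid user admin from 192.0.2.10
Feb 20 09:54:13 batdaf sshd: Invalid user admin from 192.0.2.10
Feb 20 14:31:33 batdaf sshd: Invalid user lpd from 198.51.100.7
Feb 20 14:31:35 batdaf sshd: Invalid user lpa from 198.51.100.7
Feb 20 14:31:38 batdaf sshd: Invalid user admin from 198.51.100.7
Feb 21 13:48:16 batdaf sshd: Invalid user delta from 198.51.100.7
Feb 21 13:48:19 batdaf sshd: Invalid user admin from 198.51.100.7
Feb 21 13:48:22 batdaf sshd: Invalid user test from 198.51.100.7
Feb 21 13:53:56 batdaf sshd: Invalid user project from 198.51.100.7
""".splitlines()

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd(?:\[\d+\])?: "
                  r"Invalid user \S* from (\S+)")

def bursts(lines, gap=timedelta(seconds=60), year=2005):
    """Per source: list of (attempts, seconds) bursts; year is assumed (syslog omits it)."""
    events = {}
    for line in lines:
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.setdefault(m.group(2), []).append(ts)
    result = {}
    for src, stamps in events.items():
        stamps.sort()
        runs = [[stamps[0]]]
        for ts in stamps[1:]:
            if ts - runs[-1][-1] > gap:
                runs.append([ts])      # quiet period: a new burst starts
            else:
                runs[-1].append(ts)
        result[src] = [(len(r), int((r[-1] - r[0]).total_seconds())) for r in runs]
    return result

def flag(result, max_attempts=3):
    """Sources with at least one burst longer than max_attempts."""
    return sorted(src for src, runs in result.items()
                  if any(n > max_attempts for n, _ in runs))

print(flag(bursts(SAMPLE)))
```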