It should not surprise anyone that over the past few years, SSH attacks have become stupendously frequent. It is not uncommon for a mid-sized company to see tens of thousands of login attempts. Throughout this article we will look into viable solutions and preventive measures that we recommend implementing to reduce the number of these attacks, often eliminating them entirely.
The vast majority of SSH attacks aren’t executed by skilled hackers who are willing to do whatever it takes to break into your servers. Statistics have proven that script kiddies dominate, and most of the time, they have no real reasons or motives. It is just that getting remote access to a server can open doors to countless other opportunities. But losing control over machines can be pretty sad.
We will focus on taking preventive measures to block brute-force SSH attacks. Brute-forcing is a technique that automates the login procedure, making countless attempts in a particular time frame and using dictionaries and other specific techniques to improve the probability of guessing the password. These attacks are pretty visible in the log files as multiple failed login attempts. And they can be blocked, effectively!
Larger corporations and business organizations are hiring experts and the services of numerous high-profile IT security companies to greatly increase their security. Unfortunately, the harsh reality is that when and if the attack is targeted, there is almost always a way to get in. It’s like acquiring the most secure car and using the best possible alarm systems on the market—there is still a way to break into it.
The question is more likely “how far” the attacker is willing to go. In the case of most attacks, those script kiddies will quickly switch targets, since all they go for is checking the obvious; if those doors are open, they are more than happy to step through them, but when things get tougher, they simply give up. This is basically good news for us, since it means that, almost always, the attacker won’t go the extra mile.
In this article we will discuss most prevention techniques, security tips, and popular strategies that do an awesome job eliminating most attacks. But please be aware that there are no guarantees and there is always a way in. However, chances are you will also find out that once these are implemented, the count of SSH attacks drops to almost zero. Brute-forcing won’t be possible. It takes too much time. It’s just too hard.