Web Publisher Security » Linux http://www.publishersecurity.com Information security blog to help web publishers stay protected Fri, 22 May 2009 10:51:42 +0000 http://wordpress.org/?v=2.8.4 en hourly 1 SSH Attacks Rising http://www.publishersecurity.com/ssh-attacks-rising http://www.publishersecurity.com/ssh-attacks-rising#comments Sun, 18 May 2008 12:02:34 +0000 devnull http://www.publishersecurity.com/?p=18 Recently i wrote about securing SSH access with certificate login

A report from SANS warns administrators from a rising number of brute-force attacks on SSH daemons. 

http://isc.sans.org/diary.html?storyid=4408

Taking care of these things in advance will save you some headaches.

]]> http://www.publishersecurity.com/ssh-attacks-rising/feed 2 Secure login for your Linux server http://www.publishersecurity.com/secure-login-for-your-linux-server http://www.publishersecurity.com/secure-login-for-your-linux-server#comments Wed, 19 Mar 2008 13:36:50 +0000 devnull http://www.publishersecurity.com/secure-login-for-your-linux-server The SSH protocol is a secure way to manage your linux / unix server.

It offers an encrypted method of remote command line connection.

This is probably the protocol you already use for server administration.

As with most protocols, username and password is used for authentication. While this is a common way to authenticate, it is still prone to brute force attacks.

A good way to mitigate the possibility of brute force attacks against your ssh daemon, is disabling password login and enabling certificate authentication.

The idea is simple, in order to login to the server, you will have to present a file containing a unique certificate. You may store this file on a dedicated hardware token, the hard drive or a simple flash disk.

Once this certificate validates, you will gain access.

A good article on setting this up is available on Security Focus.

http://www.securityfocus.com/infocus/1810

]]> http://www.publishersecurity.com/secure-login-for-your-linux-server/feed 1