It seems to me either your ssh server is secure against password guessing programs or it is not. If it's possible for someone to get into your system by pointing a password guessing program at it, you ought to fix that. If it is not possible, then there was no reason to turn off IPv4.

I think people worry about this stuff too much. Before you freak out about what I just said, understand that I am not saying hacking isn't a huge problem. I'm saying worrying doesn't help. If you disabled password logins on your ssh server, why are you worried about someone trying to guess a password? I pretty regularly have conversations with other sys admins who don't understand how I can not worry about this stuff. I don't even bother checking if hackers are pointing password guessing programs at my server, I know they are. I'd bet on it. But I've disabled password login so I don't worry about it.

What if it turns out there's a vulnerability in OpenSSH to allow password logins even if you disable it? Well, there isn't. Suppose there is. Okay, well, then most likely, hackers would be breaking into Citibank and DARPA, not my systems, and I'd find out about it when the New York Times blasted it on the front page. What if the bug was so well hidden that hackers had even gotten around to your systems? Then I'd just kick them off. I've got backups. The scenario above isn't all that unrealistic. Something close occurred in 2014 with the Heartbleed bug. I just remained calm, made sure my systems hadn't been hacked, installed the fix, and moved on.

I think the way to get to the point where you can be confident in your systems is by getting to the point where you're not worried hackers know something you don't. And the way to do that is to get connected with the ethical hacker community. Hackers are smart but so are you. Hackers know stuff but so do you. I found the group I'm in by taking the ethical hacking course at the local community college. The class itself was useful but the contacts I made were invaluable.

On 4/11/21 11:53 AM, blind-sysadmins@lists.hodgsonfamily.org wrote:
I probably wouldn't be available for a meeting due to other commitments and priorities, but I would welcome security recommendations. In my case, it's a matter of securing my personal systems at home as well as a VPS that I run via Linode.
Most, if not all, of what I am doing is probably obvious. I discovered yesterday that unsophisticated attackers were trying to access the server via ssh, attempting various user names, including mine. Fortunately, I've long been in the practice of disallowing password-based authentication over ssh, so they couldn't have gained unauthorized access without a key and without an exploit. Still, I wasn't comfortable, so I simply turned off ssh access over IPv4, while still allowing it over IPv6. Evidently, the attackers aren't operating against me on v6 yet.
On 11/4/21 12:18 pm, Darragh Ó Héiligh wrote:
Good afternoon,
Security is a huge concern for me at the moment. Two institutions in Ireland were targeted with Ryuk over the past few weeks. I have no doubt that there are malicious actors targeting the institution I work for right now.
I was wondering if a few of you would be up for a conversation via Zoom or Teams in the coming days. I can explain what we have done and what we are continuing to do to protect ourselves. You can do the same. Some of what we are doing might overlap but potentially we all might get a few new ideas.
My infrastructure might be considered legacy compared to some. I'm still using on-prem systems for the most part. But I have some cloud based services as well. All system admins / architects would be welcome.
Perhaps Wednesday at 10pm GMT? I don't know what that is in other time zones. But it's probably around 6pm Eastern.
Regards
Darragh Ó Héiligh
Performing, Promoting and Sharing traditional Irish music
Performance: www.darraghpipes.ie
Music at the Gate: www.musicatthegate.ie
Ceol FM: www.ceol.fm
Tel: 00353(0)877670464 Email: darragh@ceol.fm
_______________________________________________ Blind-sysadmins mailing list -- blind-sysadmins@lists.hodgsonfamily.org To unsubscribe send an email to blind-sysadmins-leave@lists.hodgsonfamily.org
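The two earlier posts rest on one claim: password login over ssh is actually off. Here is an added POSIX shell check (written for this page, not by any poster) that reads the effective sshd configuration in the form `sshd -T` prints it and confirms that no password-style path is left open, including the keyboard-interactive/PAM path that `PasswordAuthentication no` alone does not close; it also reports the address family, the setting the second poster changed. The two dumps below are constructed samples; on a live host you would feed in the real `sshd -T` output instead.

```shell
#!/bin/sh
# Constructed samples of `sshd -T` output (the effective configuration after Match and
# Include are resolved); on a real host replace these with: sshd -T 2>/dev/null
HARDENED='port 22
addressfamily inet6
passwordauthentication no
kbdinteractiveauthentication no
pubkeyauthentication yes
permitrootlogin prohibit-password
usepam yes'

WEAK='port 22
addressfamily any
passwordauthentication no
kbdinteractiveauthentication yes
pubkeyauthentication yes
permitrootlogin yes
usepam yes'

# Print the value of one keyword from a dump ($1 = dump text, $2 = keyword, lowercase as sshd -T prints it).
sshd_opt() {
  printf '%s\n' "$1" | awk -v k="$2" '$1 == k { print $2; exit }'
}

# Return 0 when no password-style login path remains open, else print findings and return 1.
# PasswordAuthentication=no alone is not enough: with UsePAM=yes, keyboard-interactive
# (KbdInteractiveAuthentication, formerly ChallengeResponseAuthentication) still lets PAM
# prompt for the account password, so that path has to be closed as well.
password_paths_closed() {
  dump=$1; rc=0
  for key in passwordauthentication kbdinteractiveauthentication challengeresponseauthentication; do
    v=$(sshd_opt "$dump" "$key")
    if [ -z "$v" ]; then continue; fi   # not every OpenSSH release emits every keyword
    if [ "$v" != "no" ]; then echo "FINDING: $key=$v"; rc=1; fi
  done
  if [ "$(sshd_opt "$dump" permitrootlogin)" = "yes" ]; then
    echo "FINDING: permitrootlogin=yes (root may log in with a password)"; rc=1
  fi
  return $rc
}

# Report which IP families sshd accepts (inet, inet6 or any); sshd's default is any.
listen_family() {
  v=$(sshd_opt "$1" addressfamily)
  printf '%s\n' "${v:-any}"
}

if password_paths_closed "$HARDENED"; then echo "hardened sample: no password path (family $(listen_family "$HARDENED"))"; fi
if ! password_paths_closed "$WEAK"; then echo "weak sample: see findings above (family $(listen_family "$WEAK"))"; fi
```

The weak sample deliberately has `passwordauthentication no` but `kbdinteractiveauthentication yes`, which is the configuration that still accepts a password prompt through PAM and is the case a simple grep for PasswordAuthentication misses.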