Educause Security Discussion mailing list archives
Re: Remote Access to Staff Desktops
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Sat, 21 Feb 2009 23:43:04 -0500
On Fri, 20 Feb 2009 08:29:22 EST, Dexter Caldwell said:
I severely limit ssh access from off-campus, however, we have some legacy systems where access is historical or where we've granted it. We constantly get ssh brute force attacks on these servers. The best thing I've done to shut this down is use an ssh brute force signature on the IPS to terminate these attempts. It's been quite successful and users haven't noticed the change.
Something that *way* too few sites bother doing is restricting SSH access up front, if possible. We've had very good success on some of our systems where only a few people needed ssh into the box, of restricting inbound with iptables to only allow the 2 /16s of on-campus addresses, and then identifying the /16 each person was likely to land in from their at-home cablemodem or DSL line. No ssh brute forces to worry about, because the chances of the brute-forcer being in the same /16 as our user are vanishingly small... This has the *added* benefit of *also* blocking any non-brute-force ssh attacks, like if somebody finds a 0day. Suddenly, the attacker has to be in one of the 3 or 4 /16s that can get to the box, and attacking from Moldavia or someplace no longer works...
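The source allowlist described in the message above, as an added example that is not part of the original post: it widens each address a user was seen connecting from to its enclosing /16 and prints the matching iptables rules. The chain name SSH_ALLOW, the variable and function names, and every address are constructed placeholders.

```sh
#!/bin/sh
# Added example: print (not apply) an SSH source allowlist for iptables.
# All addresses below are constructed placeholders, not values from the thread.

CAMPUS_NETS="10.1.0.0/16 10.2.0.0/16"            # stand-ins for the two campus /16s
HOME_IPS="198.18.5.9 198.19.200.1 198.18.77.3"   # addresses users were seen coming from

# Print the /16 that contains a dotted-quad IPv4 address; fail on malformed input.
to_slash16() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
          printf "%d.%d.0.0/16\n", $1, $2 }'
}

# Emit the rule set: one ACCEPT per allowed source network, then drop the rest.
build_ssh_rules() {
    nets=$CAMPUS_NETS
    for ip in $HOME_IPS; do
        net=$(to_slash16 "$ip") || { echo "bad address: $ip" >&2; return 1; }
        # Two users behind the same ISP block need only one rule.
        case " $nets " in *" $net "*) ;; *) nets="$nets $net" ;; esac
    done
    echo "iptables -N SSH_ALLOW"
    echo "iptables -A INPUT -p tcp --dport 22 -j SSH_ALLOW"
    for net in $nets; do
        echo "iptables -A SSH_ALLOW -s $net -j ACCEPT"
    done
    # Anything that reached this chain from outside the listed /16s is dropped.
    echo "iptables -A SSH_ALLOW -j DROP"
}

build_ssh_rules
```

The script only prints the commands; review the output before applying it as root.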