Language Selection

English French German Italian Portuguese Spanish

SSH Security Primer: Server Security Settings

Filed under
HowTos

My previous article in this series discussed SSH client security settings. To summarize, if you can’t control installations of rogue SSH clients, your only control is to limit outbound access through firewalling or other network-layer controls. Another of my articles discusses the issues with allowing outbound SSH access to the Internet.

SSH Servers: A Basic Risk Analysis

How do you secure your SSH servers? What are the total risks of such servers to your organization? You’re well aware of the possibility of people hacking your server and getting unauthorized access. That’s bad. But there are other risks. The SANS Institute’s Top 20 risk list really stresses SSH risks. If compromised, that host can be a router/forwarder that will forward any kind of traffic to any host the p0wned box can access—even your "secured" hosts given Internet Assigned Numbers Authority (IANA) reserved IP addresses. (Read RFC 3330 and RFC 1918 for the gory details on these addresses.) In most cases, those addresses aren’t accessible over the Internet.

More of a concern is your host’s threat to the rest of the Internet.

Full Story.

More in Tux Machines

today's leftovers

Leftovers: Software

  • Ocs-server 0.1 Technology Preview released! (with cats!)
    Finally, after many iterations, we have something that works! The ocs-server team (Claudio Desideri and Francesco Wofford) is therefore announcing the first release of ocs-server 0.1 technology preview.
  • 5 Less known Linux Admin Tools
  • dmMediaConverter Review - Converting Videos Has Never Been Easier
    dmMediaConverter is described by its developer as an FFmpeg frontend (GUI), but regular users only need to know that it's an application that allows them to quickly convert files from one format to another, in a simple and intuitive way. It's not the best looking out there, but it gets the job done.
  • Goggles Music Manager 1.0.7 Adds Support for Ratings and Tags to Filters, More
    On July 30, the developers of the Goggles Music Manager software, an open-source music collection manager and player that supports some of the most popular audio file formats, announced the release of version 1.0.7.
  • Semi-Official Google Drive Support For Linux Arrives, What's Next?
    Three years ago, when a user would attempt to download the Google Drive Sync Client, Google would bring them to the appropriate download page, which of course, is based off of the operating system that user is running on. If a user would attempt to download the Google Drive Sync Client while running on Linux, they’d land on a page where the message reads: “Not (yet) supported for Linux.” So, what’s the deal with Google not developing a sync client for Linux users, seeing as to how they build a lot of their things using Linux? There’s one simple answer to that, unfortunately. Windows is mainstream, so a lot of their focus is put on what a majority of people use. The bigger the market, the more money in their pockets, of course. But don’t fear, change is near!

today's howtos

Leftovers: Gaming