Language Selection

English French German Italian Portuguese Spanish

SSH Security Primer: Server Security Settings

Filed under
HowTos

My previous article in this series discussed SSH client security settings. To summarize, if you can’t control installations of rogue SSH clients, your only control is to limit outbound access through firewalling or other network-layer controls. Another of my articles discusses the issues with allowing outbound SSH access to the Internet.

SSH Servers: A Basic Risk Analysis

How do you secure your SSH servers? What are the total risks of such servers to your organization? You’re well aware of the possibility of people hacking your server and getting unauthorized access. That’s bad. But there are other risks. The SANS Institute’s Top 20 risk list really stresses SSH risks. If compromised, that host can be a router/forwarder that will forward any kind of traffic to any host the p0wned box can access—even your "secured" hosts given Internet Assigned Numbers Authority (IANA) reserved IP addresses. (Read RFC 3330 and RFC 1918 for the gory details on these addresses.) In most cases, those addresses aren’t accessible over the Internet.

More of a concern is your host’s threat to the rest of the Internet.

Full Story.

More in Tux Machines

Ubuntu Core has the keys to IoT security

In October, a DDoS attack on Dyn's infrastructure took down a big chunk of the internet, making sites like Amazon and Twitter inaccessible. It was the first major attack involving IoT (internet of things) devices. Fortunately, it was also a benign attack: no one got hurt, no one died. However, the next attack could be catastrophic. No one knows when it will happen. No one knows the magnitude. Read more

Android Marshmallow on PC Falls Flat

The Android-x86 Project eventually may become a viable operating system alternative for your desktop and laptops computers, but it's not there yet. You will have to wait a while for the developers to fix a number of failures with the latest release upgrading Android-x86 to Marshmallow 6.0.1. The developers late this summer released the first stable version of Android-x86 6.0, codenamed "Marshmallow." Android-x86 lets you run the Android OS with the Google Chrome browser on your desktop and laptop computers, rather than buying one of the qualified Chromebooks with the Google Play Store features bolted on. Read more

Korora 25 Linux Released, Based on Fedora 25 Ships with Cinnamon 3.2, MATE 1.16

On December 7, 2016, the development team behind the Fedora-based Korora Linux operating system proudly announced the release and general availability of Korora 25. Read more

SparkyLinux 4.5.1 MinimalGUI ISO Respin Improves the Sparky Advanced Installer

Only four days after the official release of the Debian-based SparkyLinux 4.5 operating system, the development team published an update MinimalGUI ISO image dubbed SparkyLinux 4.5.1. Read more