As an example, imagine a system that allows only 4-digit PIN codes. This means that there are at most 10,000 possible PIN combinations.
From the example above, PIN security could be increased by:
* Increasing the length of the PIN
* Allowing the PIN to contain characters other than numbers, such as * or #
* Imposing a 30 second delay between failed authentication attempts
* Locking the account after 'x' failed authentication attempts
We will implement options #3 and #4 on openSUSE using SuSEfirewall2.
Open your favorite editor and edit the file /etc/sysconfig/SuSEfirewall2:
# Add the following rule (fields: network,protocol,destination port,source port,options)
FW_SERVICES_ACCEPT_EXT="0.0.0.0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"
# Now restart the firewall:
rcSuSEfirewall2 restart
Now an attacker will have just 3 connection attempts within 60 seconds before being blocked.
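To see what hitcount=3,blockseconds=60 buys against the 10,000-PIN keyspace, here is an added example (not part of the original post) that models the rule as a per-source sliding window. The model itself, the sample addresses and the traffic are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

HITCOUNT = 3        # from the rule above: hitcount=3
BLOCKSECONDS = 60   # from the rule above: blockseconds=60


class RecentLimiter:
    """Assumed model of the rule: a new connection is dropped once the source
    already has `hitcount` accepted connections in the last `seconds` seconds.
    Dropped attempts do not extend the window in this model."""

    def __init__(self, hitcount=HITCOUNT, seconds=BLOCKSECONDS):
        self.hitcount = hitcount
        self.seconds = seconds
        self.seen = defaultdict(deque)   # source address -> accepted timestamps

    def allow(self, src, now):
        window = self.seen[src]
        while window and now - window[0] >= self.seconds:
            window.popleft()             # forget hits older than the window
        if len(window) >= self.hitcount:
            return False                 # over the limit: connection dropped
        window.append(now)
        return True


def accepted_per_source(events, limiter=None):
    """events: time-ordered iterable of (timestamp_seconds, source_address)."""
    limiter = limiter or RecentLimiter()
    counts = defaultdict(int)
    for now, src in events:
        if limiter.allow(src, now):
            counts[src] += 1
    return dict(counts)


def worst_case_hours(keyspace, guesses_per_connection=1):
    """Hours to try every value when only HITCOUNT connections per
    BLOCKSECONDS get through from a single source."""
    connections = -(-keyspace // guesses_per_connection)   # ceiling division
    return connections / HITCOUNT * BLOCKSECONDS / 3600


# Constructed traffic: one source connecting to port 22 once a second for
# five minutes, and an administrator connecting twice (documentation addresses).
events = sorted([(t, "203.0.113.7") for t in range(300)]
                + [(10, "198.51.100.20"), (200, "198.51.100.20")])

if __name__ == "__main__":
    print(accepted_per_source(events))
    print(round(worst_case_hours(10_000), 1), "hours for the 4-digit PIN space")
```

The limit is per source address and per connection, so it slows a single host rather than shrinking the keyspace; a longer secret or key-based login is still what makes exhaustive guessing impractical.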
I hope this tutorial has been useful for you too! If you've enjoyed this post, please consider subscribing to Linuxpoison for future updates and more.
4 comments:
I think you mean options 3 & 4 not 2 & 3.
Otherwise good post. Something I like to use is DenyHosts.
http://denyhosts.sourceforge.net/
Works wonders for me.
I don't know about using OpenSuse, but on Debian I really like DenyHosts. It supports centralized blocklists (optionally, of course) and blocks addresses based on customized combinations of attempts and time. I can set it to block an address if they try more than twice (or 100 times) in 30 minutes (or 3 days). It can also remove addresses from the blocklist after a designated time.
it can be all of them:
* firewall
iptables ... --limit 3/minute --limit-burst 1 ...
* inetd hosts.allow/deny
* fail2ban
* sshd_config : PasswordAuthentication = no
I used to like DenyHosts but found it vulnerable to log injection attacks where an attacker injects strings into your logs, resulting in any IP they select getting blocked.
See: http://www.ossec.net/main/attacking-log-analysis-tools
I now use IPtables to rate limit new SSH connections.
http://www.rackaid.com/resources/how-to-block-ssh-brute-force-attacks/