Understanding VPS Security via SSH · 2020. 4. 10. · Security What to do about all these...

Preview:

Click to see full reader

Citation preview

UnderstandingVPSSecurityviaSSH

PatPannuto/MarcusDarden/CameronGagnon(fortoday!)

http://creativecommons.org/licenses/by/4.0/
http://patpannuto.com/
https://github.com/cameron-gagnon

Today'sDefinitions-VPS

Today'sDefinitions-VPS

-PAM

Today'sDefinitions-VPS

-PAM

-SPAM

Today'sDefinitions-VPS

-PAM

-SSH

ReallyToday'sDefinitions-VirtualPrivateServers(VPS)

-PluggableAuthenticationModules(PAM)

-SecureSHell(SSH)

ReallyToday'sDefinitions-VirtualPrivateServers(VPS)

Homework1!

-PluggableAuthenticationModules(PAM)

-SecureSHell(SSH)

https://c4cs.github.io/static/w17/hw/c4cs-wk1-homework.pdf

ReallyToday'sDefinitions-VirtualPrivateServers(VPS)

Homework1!

-PluggableAuthenticationModules(PAM)

-SecureSHell(SSH)Matt'spostonPiazza!

https://c4cs.github.io/static/w17/hw/c4cs-wk1-homework.pdf
https://piazza.com/class/ixgsfwif4f35is?cid=79

NowYouKnow

Project'sGoal-Showusthepasswordsofpeople(orprograms)tryingtoauthenticatetotheVirtualPrivateServer

Project'sGoal-Showusthepasswordsofpeople(orprograms)tryingtoauthenticatetotheVirtualPrivateServer

Lecture'sGoal-Showhowknowledgefromthisclasscanbeapplied

SettingupaVirtualPrivateServer-Whatdoyoudowhenyoufirstsetupanewcomputer,phone,orpersonaldevice?

SettingupaVirtualPrivateServer-Whatdoyoudowhenyoufirstsetupanewcomputer,phone,orpersonaldevice?

DotfilesHomework12!

http://c4cs.github.io/static/w17/hw/c4cs-wk12-homework.pdf

SettingupaVirtualPrivateServer-Whatdoyoudowhenyoufirstsetupanewcomputer,phone,orpersonaldevice?

DotfilesHomework12!

~/.ssh/config

Hostc4cs-lecture

Hostname138.236.11.81

Userroot

IdentityFile~/.ssh/id_rsa_do_pnu

RegularandAdvancedHomework12

http://c4cs.github.io/static/w17/hw/c4cs-wk12-homework.pdf

Let'sdiveinhttps://github.com/cameron-gagnon/ssh_pass_logging

https://github.com/cameron-gagnon/ssh_pass_logging

MakeandMakefilesHomework7!

https://c4cs.github.io/static/w17/hw/c4cs-wk7-homework.pdf

InstallingthePAMmoduleWheredidwelearnhowprogramsgetconfigurationinformation?

InstallingthePAMmoduleWheredidwelearnhowprogramsgetconfigurationinformation?

Lecture3!

http://leccap.engin.umich.edu/leccap/viewer/r/gWkG4c

InstallingthePAMmoduleWheredidwelearnhowprogramsgetconfigurationinformation?

Lecture3!

AlternativestoaPAMmoduleInstallandcompileOpenSSHfromsourcewhileaddingthispatch.Wouldgettotieinpackagemanagers(Week12!)

http://leccap.engin.umich.edu/leccap/viewer/r/gWkG4c
https://gist.github.com/sjmurdoch/1572229

Scripting#fromcreate_initial_users.sh

#listofsomedefaultusernamestoadd

whileIFS=''read-ruser||[[-n"$user"]];

do

./honeypot_user.sh"$user"

done<"usernames.txt"

RegularandAdvancedHomework3AdvancedHomework6

https://www.youtube.com/watch?v=dQw4w9WgXcQ
https://c4cs.github.io/static/w17/advanced/c4cs-wk6-advanced.pdf

PipingcommandsFromLecture6

ifconfigenp0s3|grep'inet'|tr-s"[:space:]"":"|cut-d":"-f4

Fromthe Makefile

cat/var/log/passwords|cut-d';'-f3|grep-vE

'^[[:cntrl:]]|^[[:space:]]*$$'|cut-d=-f2|tr-d''|sort|uniq|

tee-ausernames.txt

http://leccap.engin.umich.edu/leccap/viewer/r/qlB5Sh

SecurityWhattodoaboutalltheseattempts?

Configuresettingsin /etc/ssh/sshd_config topreventpasswordbasedauthenticationfail2ban

https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-ubuntu-14-04

Attendance

Questions?

Recommended

Copyright 2013 SSH Communications Security How to Prevent Data Loss and Monitor Your Encrypted Networks Samuli Siltanen VP, EMEA SSH Communications Security
Documents
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Documents
Getting started with SSH security and configuration
Documents
Bar IlanWinter School 5 and security notions for the SSH
Documents
Mitigating Security Risk in Practical vCPE Solutions · •SSH for VM management / system-level communication; SSH key injection with VM creation •Multi-tenant capability •Traffic
Documents
SSH Security Vulnerability Report - IT's Dirty Little Secret
Technology
OH, SSH IT! - Venafi · SSH Study on SSH Management and Security Practices. 2017. Prevent Port Forwarding Limit Use by Location NO 48% 49% YES 52% YES NO 51% Auditing Practices
Documents
GoDaddy VPS Hosting Review: Easy Control – Reliability -Security
Internet
Configuring Secure Shell (SSH) - ftp.hp.comftp.hp.com/pub/networking/software/Security-Oct2005-59906024-Chap... · Configuring Secure Shell (SSH) ... SSH-Related Commands in This
Documents
SSH COMMUNICATIONS SECURITY Q2 2017 RESULTS … · ssh communications security q2 2017 results presentation kaisa olkkonen, ceo 20.07.2017
Documents
Học VPS - Kiến thức quản trị VPS, Server
Documents
Cloux | Cloud VPS Server | Cloud VPS Hosting | Reliable
Documents
Transport-level and Web Security ( SSL / TLS, SSH )
Documents
Ericsson AB. All Rights Reserved.: SSH | 1 · Ericsson AB. All Rights Reserved.: SSH | 1 ... ssh ssh
Documents
Transport-level and Web Security (SSL / TLS, SSH) Chapter 17 of Stallings
Documents
Copyright 2015 SSH Communications Security SSH Communications Security SSH Access Management ENABLE, MONITOR & MANAGE ENCRYPTED NETWORKS Sean Lunell sean.lunell@ssh.com
Documents
Shmoocon Epilogue 2013 - Ruining security models with SSH
Data & Analytics
Distributed SSH Key Management with Proactive RSA ...SSH communication security [7] “analyzed 500 business applications, 15,000 servers, and found three million SSH keys that granted
Documents
SSH Secure Login Connections over the Internet Tatu Yloenen SSH Communications Security
Documents
Connection Wifi-SSH Name – Alisa Wifi Password (Security): alisa@12
Documents