Những kĩ thuật tránh tấn công kiểu brute force
Bài viết sẽ còn cập nhật………………………………………
Sử dụng phần mềm để chặn những tấn công brute force (fail2ban)
Thay đổi cổng login mặc định SSH
There are a number of important security techniques you should consider to help prevent brute force logins:
SSH:
- Không cho phép login bằng tài khoản root
Không cho phép dùng ssh password (sử dụng định danh bằng mã riêng (private key))
Don’t allow root to login Don’t allow ssh passwords (use private key authentication) Don’t listen on every interface Create a network interface for SSH (e.g eth1), which is different to the interface you serve requests from (e.g eth0) Don’t use common usernames Use an allow list, and only allow users that require SSH Access If you require Internet Access…Restrict Access to a finite set of IPs. One static IP is ideal, however locking it down to x.x.0.0/16 is better than 0.0.0.0/0 If possible find a way to connect without Internet Access, that way you can deny all internet traffic for SSH (e.g with AWS you can get a direct connection that bypasses the Internet, it’s called Direct Connect) Use software like fail2ban to catch any brute force attacks Make sure OS is always up to date, in particular security and ssh packages
Application:
Make sure your application is always up to date, in particular security packages
Lock down your application 'admin' pages. Many of the advice above applies to the admin area of your application too.
Password Protect your admin area, something like htpasswd for web console will project any underlying application vulnerabilities and create an extra barrier to entry
Lock down file permissions. 'Upload folders' are notorious for being entry points of all sorts of nasty stuff.
Consider putting your application behind a private network, and only exposing your front-end load balancer and a jumpbox (this is a typical setup in AWS using VPCs)
Nguồn:
