Threat Level: Infocon green

ISC Diary

Refresh Latest Diaries


Tip of the Day: Use ssh keys

Published: 2006-08-05,
Last Updated: 2006-08-05 15:06:28 UTC
by Johannes Ullrich (Version: 1)

0 comment(s)

Probably the easiest way to avoid passwords is ssh keys. SSH keys are a public/private key system that can be used instead of passwords to authenticate yourself to remote ssh servers. SSH provides a number of nice systems to manage your keys. For example you can store them in memory using 'ssh-agent'. This way, you only need to enter the key passphrase once. Even better: Keep your private ssh keys on a USB stick, connect them to the PC only once to add them to your ssh-agent. Once this is done, the keys will stay protected in memory and you can disconnect the USB stick again.

Limit logins to ssh keys, whcih eliminates the problem of password brute forcing. SSH keys can be used to limit access by IP address, or you can limit a user to execute a specific command based on what ssh key they use (great for automatic backups).


Keywords: ToD
0 comment(s)
Top of page

Anomaly Detection

Published: 2006-08-05,
Last Updated: 2006-08-05 14:18:31 UTC
by Mike Poor (Version: 1)

0 comment(s)

Ron Gula, of Dragon IDS and Tenable fame, has an interesting blog entry on monitoring large networks looking for suddent surges in atypical network traffic destined specific IPS or protocols.

Scenario: mobile malicious code compromises 150 hosts on your network.  Those hosts are loaded with bot software.  Bots need to talk to a command and control channel, and by observing these surges of bots connecting within a threshold of time... we can detect this anomolous pattern.

Ron has released code and screenshots on his research.  Definitely worth checking out.

Mike Poor    mike   <at>  intelguardians.com


Keywords:
0 comment(s)
Top of page

Comments

Please choose a specific diary above to comment

Diary Archives

Top of page
site/port/ip search:

Announcement!

IPv6 Support Added

Our iptables client now supports submitting IPv6 firewall logs.

Get ISC Swag!!

Advertisement

Security News Feeds

InternetStormCenter
SANS Newsbites
SANS @Risk

Diary Archives

Moore, Oklahoma tornado charitable organization scams, malware, and phishing - by: Adrien de Beaupre (2013-05-21)

Ubuntu Package available to submit firewall logs to DShield - by: Johannes Ullrich (2013-05-20)

Safe - Tools, Tactics and Techniques - by: Guy Bruneau (2013-05-20)

View Diary Archives

Search Diaries:

SANS Institute

View our Privacy Policy

Contact Us

Phone: (757) SANS-ISC (726-7472) - Voice Mail Only
Web Contact: handlers@isc.sans.edu
Report Bugs: Sourceforge Project
Debug Info: Browser Debug Info

"The experiences gained in the SANS Technology Institute program have helped me advance in IBM, taking a more public facing role."
- Jerome Radcliffe, SANS Technology Institute Student

"SANS is a 'giving back to the community factory.' SANS encourages and fosters growing security awareness and growing the security community."
- Rob VandenBrink, Alumni of SANS Technology Institute