Brute-force SSH attack prevention depends on network monitoring basics

I've noticed an uptick in brute-force SSH attack attempts on non-standard ports on our network. What do you think could be behind this, and how should I go about securing those ports?


When you see an uptick in any type of attack, this could be an indicator that attackers sense vulnerability in a certain area. In this particular instance, some pockets of the IT world utilize non-standard ports for SSH access with the idea that attackers can be fooled by TCP port 22 being closed. I’ve never considered obscurity to be a viable security measure, so if your organization is employing this SSH attack prevention strategy, I would suggest reassessing whether it is actually working. 

However, if you feel strongly about pressing ahead with this SSH attack prevention method, I would suggest configuring your firewall and/or intrusion detection system to trigger an alarm whenever an unusually large number of login attempts is detected. As this information changes from network to network, you will have to determine the threshold based on your specific network metrics. Also make sure you have a strict lockout policy when a certain number of failed login attempts is reached. 

When it comes to SSH attack prevention, always check your logs. If your organization is like most, it probably maintains some sort of scripting mechanism that parses through the logs looking for anomalies, for example fail2ban. However, nothing is quite as effective as human intuition. Pay particular attention to the non-standard ports you've authorized for SSH access, and use common sense when monitoring their activity.

This was first published in April 2013
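
The threshold alarm and log parsing described above can be sketched as follows. This is an added example, not code from the original article or from fail2ban; it assumes OpenSSH syslog-style lines, and the threshold and window defaults are placeholders to be tuned to your own network's baseline.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH sshd failure line; the logged "port" is the client's source port,
# not the (possibly non-standard) port sshd listens on.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def find_bruteforce(lines, threshold=5, window=timedelta(seconds=60), year=2013):
    """Return {ip: (peak failures in any window, usernames tried)} for every
    source that reaches `threshold` failed logins inside a sliding `window`."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    users = defaultdict(set)      # ip -> every username that source attempted
    peak = defaultdict(int)       # ip -> highest in-window failure count seen
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue              # accepted logins and other daemons are skipped
        # syslog timestamps carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that aged out of the window
            q.popleft()
        users[m["ip"]].add(m["user"])
        peak[m["ip"]] = max(peak[m["ip"]], len(q))
    return {ip: (n, sorted(users[ip])) for ip, n in peak.items() if n >= threshold}

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    "Apr  9 10:00:01 gw sshd[411]: Failed password for root from 203.0.113.7 port 40110 ssh2",
    "Apr  9 10:00:03 gw sshd[412]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2",
    "Apr  9 10:00:05 gw sshd[413]: Failed password for root from 203.0.113.7 port 40114 ssh2",
    "Apr  9 10:00:06 gw sshd[414]: Failed password for invalid user test from 203.0.113.7 port 40116 ssh2",
    "Apr  9 10:00:08 gw sshd[415]: Failed password for root from 203.0.113.7 port 40118 ssh2",
    "Apr  9 10:00:20 gw sshd[416]: Accepted password for alice from 198.51.100.4 port 52000 ssh2",
    "Apr  9 10:01:00 gw sshd[417]: Failed password for bob from 192.0.2.9 port 33000 ssh2",
    "Apr  9 10:05:00 gw sshd[418]: Failed password for bob from 192.0.2.9 port 33002 ssh2",
]

if __name__ == "__main__":
    for ip, (count, tried) in find_bruteforce(SAMPLE).items():
        print(f"ALERT {ip}: {count} failures within window, users tried: {tried}")
```

A user who mistypes a password twice several minutes apart stays below the threshold, while a burst from one source is flagged along with the usernames it cycled through, which is the detail a human reviewer would want when deciding whether a lockout is warranted.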
