Archive

Posts Tagged ‘SSH’

Importance of Updates

How important are updates?  Well, it is illustrated by the recent disaster with Debian based distros and the problem with the encryption key random generator. What was mistakenly done was that the keys were not random enough. As a result at total of 32,767 possible keys were available which meant that a key could be hacked in as little time as 1 hour, at least according to some assessments. This has been vulnerable for two years!!!!!!!

What this means is that you thought you had encrypted communication for the last two years but it may have compromised during that time.

Real Life Example:
I recently had a consulting job to set up a mail server on a remote host. An organization had set up the box two weeks prior to my notification with Ubuntu 8.04. They had done no updates and had made a basic LAMP install. When I logged in with SSH I noticed a user connected using SSH. I had been given the list of IPs that were legitimate and this was not one. Worse yet a quick check of the logs, this person was repeatedly attempting to gain root access. A check of their IP and it showed they were using a proxy, a bad indication. What it looks like is that the SSH key had been cracked and they were attempting root access.

A quick use of tcp_wrappers and they were denied access. The root password was immediately changed and all updates to fix the SSH problem were completed. This does illustrate not only the need to keep on top of updates but also the need for organizations to use multiple layers of security in case one fails. If this organization had used tcp_wrappers in the first place the issue would not have been an issue.

Debian News

Ubuntu Security Announcement

Follow

Get every new post delivered to your Inbox.

Join 55 other followers