“Thanks to the end-of-term for many colleges and some K12 schools, brute-force attacks against SSH servers surged sharply this past weekend, according to the SANS Internet Storm Center. The sudden jump in SSH attacks merits a re-examination of how such servers should be properly secured. Jim Owens and Jeanna Matthews of the Department of Computer Science at Clarkson University have published a paper on the methods that such attacks frequently employ and on the best ways to defeat them.”
“If you’ve got an SSH server that you want to secure from brute-force attack, Owens and Matthews recommend taking several steps. First, all passwords should be strong, usernames should be non-obvious, and SSH logins for the root account should be disabled. The two also recommend running the SSH server on a non-standard high port, though they recognize that this is a “security through obscurity” tactic, and they advocate the use of software capable of parsing log files and noting multiple failed login attempts. These steps, taken in aggregate, should be sufficient to protect an SSH server, even if the number of attacks continues to rise.”
