On Nov 29, 2005, at 7:48 AM, Bruno Schaeffer wrote:
Hi,
I am running a Mac OS X Tiger Server and I am increasingly
observing attacks trying to log in via SSH and guessing user ids
and passwords. The server is only accessible via SSH from the
Internet and only two user ids whose passwords are well chosen can
log in via SSH. Nevertheless, I would like to limit those attacks
since they also consume quite some resources, esp. bandwidth. What
are you practicing or suggesting? I am using the firewall which is
included with Mac OS X.
Best regards
--Bruno
P.S.: Is there any literature/links on how to improve the security
of a Mac OS X Server?
A few tried and truly proven things you can do are; 1) turn off root
login (PermitRootLogin no), 2) disable password login
(PasswordAuthentication no) and 3) enable 2 factor authentication
(comes in many shapes and sizes), 4) AllowUsers for only non-admin
accounts and 5) DenyUsers the admin user (su to an admin account once
logged on), 6) set MaxAuthTries to a low number, 1 or 2, etc, etc
( there are a few other items that you can do but these start to out
weigh the risk in most commercial deployments).
Moving sshd to a "non-standard" port is nothing more than obfuscation
and will do nothing to thwart a hacker, even the most unskilled.
Firewalls, real firewalls, not ipfw, are ok but can become
problematic if the users using dynamically assigned ips, plus,
bypassing firewalls is trivial these days which is why security in
depth is so important.
Darich
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/macos-x-server/darich%40omni-
infosec.com
This email sent to email@hidden
---
Darich Runyan
President/Principal Consultant
Omni Infosec Ltd.
734 Thimble Shoals Blvd.
Newport News, VA 23606
757-876-3805
