AWS SSH Bastion
- 1. SSH DDOS Attack : Avoid By Modern Lock On AWS.
- 2. WHAT IS SSH? ● SSH stands for Secure Shell, an encrypted protocol to provide secure connections over unsecured networks. ● To send data back and forth between clients and servers. ● Uses encryption, so attackers can’t examine the exchanges to access private data. WHAT IS DDOS? ● Denial of Service (DoS) is an attack, carried out by a single attacker, which attempts to make a website or application unavailable to the end users. ● Distributed Denial of Service (DDoS) is an attack, carried out by multiple attackers either controlled or compromised by a group of collaborators, which generates a flood of requests to the application making in unavailable to the legitimate end users.
- 3. Distrubuted Denial Of Service (DDoS) Attack Without SSH Lock DDoS Attack
- 5. ★ Change SSH Port : ○ Replace SSH port 22 by any other port which will not reserved. ★ Allow trusted network & make users knock for access : ○ Allow only trusted network into security group and allow only well- known users for access. ★ Avoid configuration weakness : ○ Use SSH-2 protocol ○ Don’t ever allow users to work without passwords, set PermitEmptyPasswords no. ○ Set PermitRootLogin no so nobody can log in as root. Users who need to connect and work as root should log in as common users (that is, unprivileged and as restricted as possible) and then use sudo. Tips For SSH Hardening & Prevent Attack.
- 6. Tips For SSH Hardening & Prevent Attack. ★ Prefer key over passwords ○ Centralized key storage ○ Key rotation ★ Limit password base login ○ Set maximum number of retries MaxAuthTries 3, so after 3 wrong password attempts, the connection will be broken. ★ Continuous monitoring ○ Add server into daily monitoring checklist. ★ Usage logging ○ Keep watch on ssh auth logging.