[lug] keeping up with attacks

Stephen Kraus ub3ratl4sf00 at gmail.com
Sat May 4 10:48:59 MDT 2019


You can attack a VPN, but without the encryption certs it's not going to be
brute forceable like SSH.

Rule of thumb: If it's an admin access method (SSH, RDP, etc.) it should not
be public facing. The VPN requires you to change networks (connect to it)
to pivot to attacking the box. It adds a layer of separation from your
critical admin access methods.

Isolating public facing items to customer items only (HTTP/HTTPS/FTP/SFTP)
limits your attack surface and frustrates bot attacks, so long as you are
keeping up with vulnerability audits and patching.

If you must use public facing SSH, public key only access helps limit
drive-bys.

On Sat, May 4, 2019, 12:25 PM Bucky Carr <bcarr at purgatoire.org> wrote:

>
> Educate me a bit. Wouldn't the attack vector then simply change from a
> public facing sshd to the openVPN server? Doesn't an sshd which requires a
> certificate challenge to gain access = the protection of openVPN?
>
> I ask this despite regularly seeing attacks on my sshd but never having
> seen an attack on my openVPN server. (probably answering my own question,
> eh?)
>
>
> On 5/4/2019 10:15 AM, Stephen Kraus wrote:
>
> Why is your SSH public facing anyways? OpenVPN is free, set it up and deny
> any SSH from external IPs. Best practice is to always use VPN or a Jump Box
> to access SSH.
>
>
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
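
The "public key only" advice in the message above depends on what sshd actually ends up using, and sshd keeps the first value it reads for each keyword. The following is an added example, not part of the original thread: a small audit of sshd_config text that applies that first-value rule. The function names, the sample config and the finding strings are constructed for illustration; defaults are assumed to be upstream OpenSSH's, and `Match` blocks and `Include` files are not evaluated.

```python
import re

# Upstream OpenSSH defaults, used when a keyword is absent (distro builds may differ).
DEFAULTS = {"passwordauthentication": "yes", "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes", "permitrootlogin": "prohibit-password"}
# Older configs spell the keyboard-interactive switch this way.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

# Constructed sample: someone appended "no" below an earlier "yes".
SAMPLE = """\
PasswordAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
"""

def effective_globals(text):
    """Global keyword -> value; sshd uses the first value it reads for a keyword."""
    seen = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":
            break  # Match blocks are conditional; not evaluated here
        args = parts[1].split() if len(parts) > 1 else []
        seen.setdefault(ALIASES.get(key, key), args[0].lower() if args else "")
    return {**DEFAULTS, **seen}

def audit(text):
    """Return findings for settings that leave password guessing possible."""
    cfg = effective_globals(text)
    findings = []
    if cfg["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication is effectively enabled")
    if cfg["kbdinteractiveauthentication"] != "no":
        findings.append("keyboard-interactive authentication is effectively enabled")
    if cfg["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication is disabled")
    if cfg["permitrootlogin"] == "yes":
        findings.append("PermitRootLogin yes permits direct root login")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

On a live host, `sshd -T` prints the effective configuration, including included files, and is the authoritative check.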