Securing an SSH server: ports, keys, port knocking, iptables
Takeaways
- 😀 A non-standard SSH port can be hidden to prevent external detection by making it appear as if no one is listening on that port.
- 😀 Port scanning tools like `nmap` can be used to identify open ports, but only if you know which ports to 'ping'.
- 😀 It's possible to secure SSH access by using custom ports and key-based authentication instead of passwords, adding an extra layer of security.
- 😀 `iptables` can be used to control incoming and outgoing network traffic by setting rules that define which IP addresses and ports are accessible.
- 😀 The order of rules in `iptables` matters: rules are evaluated from the top of the chain, so a rule higher in the list is applied first and can override the rules below it.
- 😀 To restrict access to a server, you can set up `iptables` rules that accept connections only from specific IPs and ports.
- 😀 A key-based SSH setup can be enhanced by using passwords in combination with the key, so that even if the keys are lost, the server remains secure.
- 😀 `nmap` can be used in a loop to scan multiple ports at once, allowing you to identify which one is open for SSH access.
- 😀 `iptables` can also be used to block specific types of network traffic, such as disabling ICMP (ping) requests to make the server appear offline.
- 😀 You can clear or modify `iptables` rules using commands like `iptables -F` to reset all existing rules or `iptables -D` to delete specific ones.
- 😀 When securing a server, it's important to consider both port management (hiding ports) and user access (limiting users and using strong authentication).
Q & A
What is the primary purpose of the video script?
- The primary purpose of the video script is to demonstrate how to securely configure SSH access to a server, manage firewall rules using `iptables`, and prevent external access while allowing secure connections through specific configurations.
Why does the speaker use non-standard ports like 451916 for SSH access?
- The speaker uses non-standard ports to enhance security by making the server less detectable to common port scans. Non-standard ports are harder for attackers to guess or target compared to the default SSH port (22).
How does the `nmap` tool help in this tutorial?
- The `nmap` tool is used to scan specific ports (7000, 8000, 9000) on the server. It's used in this context to identify which ports are open for SSH access and verify whether the firewall is correctly configured to allow those connections.
What does the script say about the priority of `iptables` rules?
- The script emphasizes that `iptables` rules are processed in order, meaning that rules with higher priority (higher up in the list) are applied first. If a rule granting access is placed lower down, it might be overridden by higher-priority rules.
What happens to the firewall rule for SSH access after some time?
- The firewall rule that allows SSH access on port 451916 is automatically removed after a minute, but the other two rules (presumably for general access control) remain. This is part of a time-sensitive rule management strategy.
How does the script demonstrate blocking and allowing ICMP (ping) requests?
- The script demonstrates blocking ICMP (ping) requests using an `iptables` rule to drop ICMP packets, making the server appear offline for pinging. Later, it shows how to reverse this by changing the rule to accept ICMP packets, thus allowing pings again.
What is the significance of using SSH keys over passwords in this configuration?
- Using SSH keys instead of passwords provides stronger security because keys are more resistant to brute-force attacks. In this case, password-based SSH access is disabled, and only users with the correct private key can authenticate, making the server more secure.
What does the command `iptables -F` do in the context of this script?
- `iptables -F` is used to flush (or reset) all the current `iptables` rules. This is helpful for clearing any existing configurations before setting up new rules, ensuring a clean slate for firewall management.
What happens if the SSH keys are lost according to the script?
- If the SSH keys are lost, access to the server is denied because key-based authentication is the only allowed method. Without the correct private key, and with passwords disabled, no one will be able to authenticate.
How does the `iptables` rule prioritization affect the server's accessibility?
- The prioritization of `iptables` rules directly affects which connections are allowed or blocked. A rule that accepts connections on port 451916, for example, must have a higher priority than any rule that might block access to that port. If misconfigured, lower-priority rules could block valid connections.
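The knock sequence, the one-minute access window and the rule-ordering point above can be expressed as a single ruleset. This is an added example, not the configuration shown in the video: it uses the iptables `recent` match rather than whatever mechanism the video uses, and the function name, list names, 10-second step timeout and the SSH port 2222 in the usage note are assumptions.

```shell
# Added example (not from the video): print an iptables-restore ruleset for a
# three-step port knock. List names and the 10 s step timeout are assumptions.
# Usage: knock_ruleset SSH_PORT KNOCK1 KNOCK2 KNOCK3 [OPEN_SECONDS]
knock_ruleset() {
    ssh_port=$1; k1=$2; k2=$3; k3=$4; window=${5:-60}
    # TCP ports are 16-bit: refuse non-numeric or out-of-range values.
    for p in "$ssh_port" "$k1" "$k2" "$k3" "$window"; do
        case $p in
            ''|*[!0-9]*) echo "invalid port or timeout: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "value out of range: $p" >&2; return 1
        fi
    done
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:STAGE2 - [0:0]
:STAGE3 - [0:0]
# Rules are matched top to bottom; the first terminating match wins.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# New SSH connections only from sources that completed the knock recently.
-A INPUT -p tcp --dport $ssh_port -m conntrack --ctstate NEW -m recent --name OPEN --rcheck --seconds $window -j ACCEPT
# Knock steps, checked from the last step back to the first.
-A INPUT -p tcp --dport $k3 -m recent --name K2 --rcheck --seconds 10 -j STAGE3
-A INPUT -p tcp --dport $k2 -m recent --name K1 --rcheck --seconds 10 -j STAGE2
-A INPUT -p tcp --dport $k1 -m recent --name K1 --set -j DROP
# Any other TCP port resets progress, so a sequential scan cannot knock.
-A INPUT -p tcp -m multiport ! --dports $k1,$k2,$k3 -m recent --name K1 --remove
-A INPUT -p tcp -m multiport ! --dports $k1,$k2,$k3 -m recent --name K2 --remove
-A STAGE2 -m recent --name K1 --remove
-A STAGE2 -m recent --name K2 --set -j DROP
-A STAGE3 -m recent --name K2 --remove
-A STAGE3 -m recent --name OPEN --set -j DROP
COMMIT
EOF
}
```

Check the output before loading it with `knock_ruleset 2222 7000 8000 9000 | iptables-restore --test`. The ruleset covers IPv4 only; a host reachable over IPv6 needs the equivalent rules loaded through `ip6tables-restore`.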