The report from Eset is an interesting read.
http://www.welivesecurity.com/wp-con...on_windigo.pdf
The report explains what happened in the kernel.org attack in 2011, but Linux was not the only system attacked.
From page 4 of the report:
Quote:
A wide range of operating systems have been compromised by the attackers; Apple OS X, OpenBSD, FreeBSD, Microsoft Windows (through Cygwin) and Linux, including Linux on the ARM architecture.
Quote:
No vulnerabilities were exploited on the Linux servers; only stolen credentials were leveraged. We conclude that password-authentication on servers should be a thing of the past.
From page 67 (Appendix 3) of the report:
Quote:
Here are a few simple recommendations in order to protect yourself from this collection of threats:
- Disable direct root login in your OpenSSH daemon (PermitRootLogin no in /etc/ssh/sshd_config)
- Disable password-based logins and use an SSH key
- Use SSH Agent Forwarding to SSH from servers to servers instead of copying your SSH private keys on servers. On GNU/Linux use ssh-agent or GnomeKeyring with ForwardAgent yes under a trusted Host entry in your .ssh/config file. On Windows PuTTY's Pageant supports SSH Agent Forwarding
- Use two-factor authentication on your servers
- Use an up to date antivirus solution
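One way to check a host against the OpenSSH items in the quoted recommendations, as an added example that is not part of the ESET report or of this post. The function names and sample configuration text are constructed for illustration, and the defaults table assumes current upstream OpenSSH behaviour (a distribution may ship different defaults).

```python
import re

# Values sshd falls back to when a keyword is absent (assumed upstream defaults).
SSHD_DEFAULTS = {"permitrootlogin": "prohibit-password", "passwordauthentication": "yes"}

def directives(text):
    """Yield (keyword, argument) pairs; keywords are case-insensitive, '#' lines are comments."""
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#"):
            parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
            if len(parts) == 2:
                yield parts[0].lower(), parts[1].strip()

def audit_sshd(text):
    """Check sshd_config text; for each keyword sshd uses the first value it obtains."""
    first, overrides, in_match = {}, [], False
    for key, val in directives(text):
        if key == "match":
            in_match = True          # everything below is conditional on the Match criteria
        elif key in SSHD_DEFAULTS and not in_match:
            first.setdefault(key, val.lower())   # later duplicates are ignored
        elif key in SSHD_DEFAULTS and val.lower() != "no":
            overrides.append(f"Match block sets {key} {val.lower()}")
    effective = {**SSHD_DEFAULTS, **first}
    return [f"{k} is {v}, want no" for k, v in effective.items() if v != "no"] + overrides

def audit_ssh_client(text):
    """Flag agent forwarding that is not confined to a specific Host entry."""
    findings, patterns = [], ["*"]   # options before the first Host line apply to every host
    for key, val in directives(text):
        if key in ("host", "match"):
            patterns = ["*"] if (key, val.lower()) == ("match", "all") else val.split()
        elif key == "forwardagent" and val.lower() != "no":
            if any(c in p for p in patterns for c in "*?"):
                findings.append(f"ForwardAgent {val} applies to pattern {' '.join(patterns)}")
    return findings

# Constructed sample inputs (not taken from the report or from any real host).
WEAK_SSHD = """# the second PermitRootLogin line has no effect: the first value wins
PermitRootLogin yes
PermitRootLogin no
Match Address 10.0.0.0/8
    PasswordAuthentication yes
"""
HARDENED_SSHD = "PermitRootLogin no\nPasswordAuthentication no\n"
CLIENT = "Host bastion.example.org\n  ForwardAgent yes\nHost *\n  ForwardAgent yes\n"

if __name__ == "__main__":
    print(audit_sshd(WEAK_SSHD), audit_sshd(HARDENED_SSHD), audit_ssh_client(CLIENT), sep="\n")
```

On a live server, `sshd -T` prints the effective configuration and is the authoritative check; this parser only reads the text it is given and does not follow Include files.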