Post #2, 22nd March 2014
comet--berkeley
Real Name: Richard
Package Pilot
 
Join Date: Apr 2009
Location: California
Posts: 154

The report from Eset is an interesting read.

http://www.welivesecurity.com/wp-con...on_windigo.pdf

The report explains what happened in the kernel.org attack in 2011, but Linux was not
the only system attacked.

From page 4 of the report:
Quote:
A wide range of operating systems have been compromised by the attackers; Apple OS X, OpenBSD, FreeBSD, Microsoft Windows (through Cygwin) and Linux, including Linux on the ARM architecture.
Quote:
No vulnerabilities were exploited on the Linux servers; only stolen credentials were leveraged. We conclude that password-authentication on servers should be a thing of the past.
From page 67 (Appendix 3) of the report:
Quote:
Here are a few simple recommendations in order to protect yourself from this collection of threats:
  • Disable direct root login in your OpenSSH daemon
    (PermitRootLogin no in /etc/ssh/sshd_config)
  • Disable password-based logins and use an SSH key
  • Use SSH Agent Forwarding to SSH from servers to servers instead of copying your SSH private keys on servers. On GNU/Linux use ssh-agent or GnomeKeyring with ForwardAgent yes under a trusted Host entry in your .ssh/config file. On Windows, PuTTY's Pageant supports SSH Agent Forwarding
  • Use two-factor authentication on your servers
  • Use an up to date antivirus solution

Last edited by comet--berkeley; 23rd March 2014 at 07:24 PM. Reason: grammar and spelling
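A way to check an sshd_config for the first two settings the quoted recommendations call for, as an added example that is not part of the original post or the Eset report. It assumes the OpenSSH behaviour of the time: sshd honours the first occurrence of a keyword, keywords are case-insensitive, options after a Match line are conditional, and both PermitRootLogin and PasswordAuthentication default to yes when absent. The sample configs are constructed.

```shell
#!/bin/sh
# Added example: audit an sshd_config for PermitRootLogin and
# PasswordAuthentication, the two settings the Eset recommendations cover.

# Print the global (pre-Match) value of keyword $2 in file $1, or default $3.
# Comments are stripped and the first occurrence wins, as sshd does it.
effective_value() {
    v=$(awk -v key="$2" '
        { sub(/#.*/, "") }                          # drop comments
        tolower($1) == "match" { exit }             # later lines are conditional
        NF >= 2 && tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1")
    [ -n "$v" ] && printf '%s\n' "$v" || printf '%s\n' "$3"
}

# Returns 0 when both settings are "no", 1 otherwise; one line per finding.
audit_sshd_config() {
    rc=0
    root=$(effective_value "$1" PermitRootLogin yes)          # assumed default
    pw=$(effective_value "$1" PasswordAuthentication yes)     # assumed default
    if [ "$root" = "no" ]; then echo "OK   PermitRootLogin=no"
    else echo "FAIL PermitRootLogin=$root (want no)"; rc=1; fi
    if [ "$pw" = "no" ]; then echo "OK   PasswordAuthentication=no"
    else echo "FAIL PasswordAuthentication=$pw (want no)"; rc=1; fi
    return $rc
}

# Constructed sample configs (not from any real host), written to temp files.
weak=$(mktemp); hardened=$(mktemp)
cat > "$weak" <<'EOF'
Port 22
#PermitRootLogin no          <- commented out, so it does not count
PasswordAuthentication yes
EOF
cat > "$hardened" <<'EOF'
PermitRootLogin no
PasswordAuthentication No
PubkeyAuthentication yes
Match Address 10.0.0.0/8
    PasswordAuthentication yes   # inside Match only; global value stays "no"
EOF
echo "== weak =="; audit_sshd_config "$weak" || echo "result: not hardened"
echo "== hardened =="; audit_sshd_config "$hardened" && echo "result: hardened"
rm -f "$weak" "$hardened"
```

Run it against a real file with `audit_sshd_config /etc/ssh/sshd_config`; on a live host `sshd -T` is the authoritative view of the effective settings.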