Posts Tagged ‘ips’

DenyHosts - Protecting against SSH Brute Force Attacks

If you look after a remote Linux box, the chances are you use SSH to connect to it, and you may even have to leave port 22 open to the whole Internet!

There are some basic security steps you can take to protect SSH, such as blocking the root user from logging in and forcing users to use STRONG authentication.
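An added example (not from the original post): a small Python audit of the global section of an `sshd_config` for the two basics mentioned above. It assumes "strong authentication" means key-only login, does not follow `Include` files or audit `Match` blocks, and runs on constructed sample configs.

```python
import re

# OpenSSH built-in defaults, used when a keyword is absent from the file.
DEFAULTS = {"permitrootlogin": "prohibit-password",
            "passwordauthentication": "yes",
            "pubkeyauthentication": "yes"}

def effective_settings(config_text):
    """Global keyword -> value. sshd keeps the FIRST value it reads per keyword."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(\w+)\s*(?:=\s*|\s+)(.*)", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"').lower()
        if key == "match":      # simplification: conditional blocks are not audited
            break
        seen.setdefault(key, value)   # later duplicates are ignored, as in sshd
    return {**DEFAULTS, **seen}

def audit(config_text):
    """Return a list of findings; an empty list means both basics are in place."""
    s = effective_settings(config_text)
    findings = []
    if s["permitrootlogin"] != "no":
        findings.append("root can still log in (PermitRootLogin %s)" % s["permitrootlogin"])
    if s["passwordauthentication"] != "no":
        findings.append("password logins are accepted, so guessing is possible")
    if s["pubkeyauthentication"] != "yes":
        findings.append("public-key login is disabled")
    return findings

# Constructed sample inputs, not taken from a real host.
WEAK = """# looks hardened at a glance, but the first line wins
PermitRootLogin yes
PermitRootLogin no
PasswordAuthentication yes
"""
HARDENED = """PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
"""

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(text) or "ok")
```

The `WEAK` sample shows why a duplicate keyword matters: the later `PermitRootLogin no` never takes effect because sshd uses the first value it reads.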

IDS vs IPS

Network Intrusion Detection Systems (NIDS) and Network Intrusion Prevention Systems (NIPS) are a common complement to a firewall implementation; couple this with Host IDS (HIDS) or Host IPS (HIPS) and you’ve made a good start at implementing an advanced security infrastructure ;)

What’s the difference?

Sadly there’s no hard and fast rule; what’s important is understanding what you’re buying. Traditional IDS systems used sniffers and signatures to detect attacks, much as AV finds viruses. The problem with this kind of system is that it relies on a signature being available to recognize the attack. There is also a margin of error with sniffer technology, which means it’s possible to flood a network with “safe” traffic and then slip the attack in under the radar.