When botnets try to break in, do you know which doors should be locked?

Closing the most common holes will deter most automated attempts

By  

In Unix systems, the "chroot" command changes the apparent root operating system – so after logging in you appear to be working from drive "X:" rather than "C:" for example. Most Unix virgins will run into this most frequently when booting from a Windows system disk in order to rebuild a Windows installation.

You can also use it to set up a "chroot jail," that will let attackers log in, but keep them locked in a harmless and quarantined section of the site. Vancoillie puts his at /etc/ssh/sshd_config; instructions for setting up and useng it are under Modify SSHD_config on this blog page.

A more detailed explanation of how to set up a chroot jail is here.

These tips only apply to Unix servers, of course, and to relatively lightweight, generic automated attacks, not those modified for a particular site, or those for which more than a few zombie PCs have been arrayed to keep probing until they find a weakness.

Windows or other servers have similar functions for root access and the potential to set up a honeypot directory that quarantine attackers who do penetrate.

Vancoillie's example does give a better idea of how some botnets prob for potential targets, looking for easy openings and then moving on if they don't find them.

These precautions are very basic – like locking the door before you leave the house.

Cops will give you the same advice if your house is ever robbed; your security doesn't have to be so tight no thief can ever get in, it only has to be tough enough to give them a little more incentive to try the neighbor's place rather than yours.

Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld. Follow Kevin on Twitter at @KevinFogarty. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness