DETECTION OVERVIEW
Risk Factors
SSH is a popular target for attackers because it is often enabled by default and provides remote access to other devices. Attackers can find weak SSH passwords with low-cost techniques such as brute force attacks. If an attacker has credentials for several devices on the network, they can open multiple SSH sessions from a single device to control many devices on the network.
The system might change the risk score for this detection.
Kill Chain
Risk Score
60
Disable SSH on devices that do not require SSH access
Limit the number of login attempts per SSH session
Only allow incoming SSH connections from trusted devices such as administrator workstations
Implement a strong password policy
Do not reuse passwords
Disable PasswordAuthentication in sshd_config and rely on public key authentication, which is more resilient to brute force attacks than password authentication
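The following added example (not code from this page or its vendor) checks the text of an sshd_config file against three of the mitigations above: PasswordAuthentication disabled, a cap on MaxAuthTries, and AllowUsers entries in USER@HOST form, which limit a login to named source hosts where a bare USER accepts any source. The threshold of 3, the sample configurations, and the choice of AllowUsers as the way to restrict source devices are assumptions made for illustration.

```python
# Added example (not vendor code): audit global sshd_config settings against
# the mitigations above. Include files and Match blocks are not evaluated.
DEFAULTS = {"passwordauthentication": "yes", "maxauthtries": "6"}  # OpenSSH defaults
MAX_TRIES_LIMIT = 3  # assumed policy threshold, not a value from the page
# Constructed samples. sshd uses the first value obtained for a keyword, so the
# second PasswordAuthentication line in WEAK has no effect.
WEAK = """\
PasswordAuthentication yes
MaxAuthTries 10
PasswordAuthentication no
AllowUsers admin
"""
HARDENED = """\
PasswordAuthentication no
MaxAuthTries 3
AllowUsers admin@192.0.2.10
"""

def parse(config_text):
    """Return (global settings, AllowUsers patterns) as sshd would read them."""
    settings, allow_users = {}, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, value = (line.split(None, 1) + [""])[:2]
        keyword = keyword.lower()  # keywords are case-insensitive
        if keyword == "match":
            break  # everything after the first Match line is conditional
        if keyword == "allowusers":
            allow_users.extend(value.split())  # repeated lines add patterns
        else:
            settings.setdefault(keyword, value)  # first occurrence wins
    return {**DEFAULTS, **settings}, allow_users

def audit(config_text):
    """List the mitigations that the configuration does not meet."""
    settings, allow_users = parse(config_text)
    findings = []
    if settings["passwordauthentication"].lower() != "no":
        findings.append("PasswordAuthentication is not disabled")
    if int(settings["maxauthtries"]) > MAX_TRIES_LIMIT:
        findings.append("MaxAuthTries exceeds %d" % MAX_TRIES_LIMIT)
    if not allow_users or any("@" not in p or p.endswith("@*") for p in allow_users):
        findings.append("AllowUsers does not restrict source hosts")
    return findings

if __name__ == "__main__":
    print("WEAK:", audit(WEAK), "HARDENED:", audit(HARDENED))
```

An empty file produces all three findings, because the OpenSSH defaults leave password authentication on, allow six attempts per connection, and accept logins from any host.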