DETECTION OVERVIEW
Risk Factors
SSH is a common target for attackers because it is often enabled by default and provides remote access to other devices. If an attacker gains access to a poorly secured SSH server, they can easily transfer data. Unusual data transfers can be associated with risky activity such as sharing malicious files between compromised devices or data staging. Data staging is the process of collecting and preparing data for exfiltration. Depending on the sensitivity of the transferred files, the impact can be devastating if important, proprietary, or customer data is leaked.
The system might change the risk score for this detection.
Kill Chain: N/A
Risk Score: 60
Implement strict rules for outbound traffic on devices that contain valuable data
Track suspicious activity by implementing strict audit controls on important documents
Disable SSH on devices unless required
Only allow incoming SSH connections from trusted devices such as administrator workstations
Implement a strong password policy
Do not reuse passwords
Rely on public key authentication, which is more resilient to brute-force attacks than password authentication, by setting PasswordAuthentication to no in sshd_config
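The last recommendation is easy to get wrong in practice: sshd takes the first value it finds for a keyword, so a hardening line appended at the end of sshd_config is silently ignored if an earlier line already set it. The audit script below is an added example, not part of this detection page; the configuration files it checks are constructed samples.

```shell
#!/bin/sh
# Audit an sshd_config file for the PasswordAuthentication setting recommended
# above. sshd_config(5): when a keyword appears more than once, the FIRST value
# is used. Directives inside a "Match" block are conditional and are not
# treated as the top-level policy here. The "Keyword=value" spelling is
# not parsed; the usual "Keyword value" form is.

# Print the effective top-level value of a keyword (lower-cased), or
# "default" when the file never sets it at top level.
effective_value() {
    file=$1
    kw=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    awk -v kw="$kw" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }   # comments and blank lines
        tolower($1) == "match" { exit }                # conditional block: stop
        tolower($1) == kw { print tolower($2); found = 1; exit }  # first wins
        END { if (!found) print "default" }
    ' "$file"
}

# Return 0 when the file enforces key-based login at top level, 1 otherwise.
audit_sshd_config() {
    pw=$(effective_value "$1" PasswordAuthentication)
    pk=$(effective_value "$1" PubkeyAuthentication)
    status=0
    # PasswordAuthentication defaults to yes, so "default" is weak too.
    [ "$pw" = "no" ] || { echo "WEAK: PasswordAuthentication is $pw"; status=1; }
    # PubkeyAuthentication defaults to yes; only an explicit "no" is a problem.
    [ "$pk" != "no" ] || { echo "WEAK: PubkeyAuthentication is no"; status=1; }
    return $status
}

# Constructed sample 1: looks hardened at a glance, but the "no" appended
# later has no effect because the earlier "yes" wins.
WEAK=$(mktemp)
cat > "$WEAK" <<'EOF'
PasswordAuthentication yes
PubkeyAuthentication yes
# appended by an administrator later; silently ignored by sshd
PasswordAuthentication no
EOF

# Constructed sample 2: hardened at top level. The Match exception for one
# subnet is conditional and should be reviewed separately.
HARD=$(mktemp)
cat > "$HARD" <<'EOF'
PubkeyAuthentication yes
PasswordAuthentication no
Match Address 10.0.0.0/24
    PasswordAuthentication yes
EOF
```

On a live host, `sshd -T` prints the configuration sshd actually uses after Include files are processed, which is the authoritative place to confirm the value.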