SSH Compromise Detection using NetFlow/IPFIX
Authors
Abstract
Similar resources
Unveiling SSHCure 3.0: Flow-based SSH Compromise Detection
Network-based intrusion detection systems have always been designed to report on the presence of attacks. Due to the sheer and ever-increasing number of attacks on the Internet, Computer Security Incident Response Teams (CSIRTs) are overwhelmed with attack reports. For that reason, there is a need for the detection of compromises rather than compromise attempts, since those incidents are the on...
SSH and Intrusion Detection
Widespread use of the SSH protocol greatly reduces the risk of remote computer access by encoding the transmission of clear text usernames and passwords. Prior to the use of SSH, packet sniffing, which allows malicious users to watch for the login process in the clear text packet traffic on a network segment, was an easy method for a malicious user to gain unauthorized access to a machine. Unfo...
The Risks of Using SSH
Executive Summary This paper deals with security issues surrounding the use of Secure Shell (SSH). SSH is a replacement for telnet, rlogin, ftp, rsh, rcp, rdist, and other r*-based programs. It offers a secure communication channel between computers on an insecure network. Authenticity, confidentiality, and integrity are provided. Despite these features, SSH has several weaknesses that render i...
Flow-based compromise detection
Brute-force attacks are omnipresent and manifold on the Internet, and aim at compromising user accounts by issuing large numbers of authentication attempts on applications and daemons. Widespread targets of such attacks are Secure SHell (SSH) and Web applications, for example. The impact of brute-force attacks and compromises resulting thereof is often severe: Once compromised, attackers gain a...
SSHCure: A Flow-Based SSH Intrusion Detection System
SSH attacks are a main area of concern for network managers, due to the danger associated with a successful compromise. Detecting these attacks, and possibly compromised victims, is therefore a crucial activity. Most existing network intrusion detection systems designed for this purpose rely on the inspection of individual packets and, hence, do not scale to today’s high-speed networks. To over...
Journal
Journal title: ACM SIGCOMM Computer Communication Review
Year: 2014
ISSN: 0146-4833
DOI: 10.1145/2677046.2677050