SSH: Fight Club

Threats SSH can COUNTER


  • eavesdropping

    • it is a network snooper that reads network traffic without affecting it. SSH encryptions prevent eavesdropping.

  • Name Service and IP Spoofing

    • if an attacker subverts your naming services(DNS, NIS, etc.), The attacker may coerce network-related programs to connect to the wrong machine. An attacker can impersonate a host by stealing its IP address. SSH guards against false servers by verifying the server host identity cryptographically.

    • SSH-2 protocol allows for including PKI certificates along with keys.

  • Connection Hijacking

    • An active attacker who doesn't only listen to the connection but does injections in the connection, they steal the TCP connection from one of its endpoints.

    • SSH can't prevent Hijacking as it is a weakness of TCP, which is below SSH. However, SSH integrity checking can detect if a session is modified in transit and shut down the connection to prevent using the corrupted data.

  • Man-in-the-Middle Attack

    • An adversary sits between you and your real peer, intercepting all traffic and altering or deleting messages. A user tries to connect to an SSH server, and the MITM attacker intercepts the connection and acts as an SSH server. The MITM attack can log in as the user as password authentication was done.

    • SSH counter the attack by making server host authentication. As the attacker does not have the server's private host key, he cannot impersonate the server.

    • Host-based authentication and public key authentication resist MITM attacks. When a client provides a digital signature for either host-based or public key authentication, it includes the session identifier in the data signed. The attacker cannot pass the signed data to the server nor make the client sign the other session ID.


Threats SSH does not PREVENT

  • password Cracking

    • It's evident that shoulder surfing is impossible to be prevented by SSH. The same thing stands for log keystrokes in a computer kiosk or giving your password to an unknown individual.

    • Even if SSH encrypts the password to be passed over the network, a public key authentication would be more secure.

  • IP and TCP Attacks

    • SSH operates on top of TCP/IP, so it is vulnerable to some attacks against the weakness in the TCP/IP layer. The privacy, integrity, and authentication guarantees of SSH limit this vulnerability to denial-of-service attacks.

    • TCP/IP resist network problems such as congestion and link failure. If an attacker blows up one router, IP can route around it. However, it was not designed to resist attackers injecting bogus packets into the network. The origin of TCP or IP control messages is not authenticated.

    • As a result, TCP/IP has several inherent exploitable weaknesses such as:

      • SYN flood:

        • SYN stands for "synchronize" and is a TCP packet attribute. IT refers to the initial packet sent to start the setup of a TCP connection. The packet often causes the client to expend resources for the upcoming connection. If an attacker sends many of these packets, the client may run out of space.

      • TCP RST bogus ICMP

        • RST is a TCP packet for "reset"; either side of the TCP connection can send an RST packet. RST can be injected into a connection immediately, causing disconnecting any target TCP connection.

        • ICMP, "internet control message protocol", allow IP host and router to communicate information about network conditions and host reachability. An ICMP packet telling that a particular host is unreachable can cause the connection to be torn down.

      • TCPC desynchronization and Hijacking

        • An attacker can desynchronize two sides of a TCP connection concerning data byte sequence numbers. In this state, it is possible to inject accepted packets as part of the connection allowing the attack to insert information into the TCP data stream.

        • These issues can be countered by lower network techniques such as hardware link encryption, or IPSEC is the IP security protocol in the ipv6, which provides encryption, integrity, and data origin-authentication services at the IP packet level.

  • Traffic Analysis

    • An attacker cannot read network traffic, but they can estimate what is going on in the traffic due to the amount of information and pattern.

    • SSH does not address traffic analysis attacks. An SSH implementation can send random data over a connection when idle, such as a keystroke from tty when echo is not turned off, to stress the attacker. This is done in openSSH.

  • Covert Channels

    • A covert channel is a means of signalling information in an unanticipated and unnoticed fashion.

  • Carelessness

    • You are dumb to think that ssh will secure everything for you when you keep neglecting things like putting your password on a notepad stick on the screen of the pc.

 

"Security is a process not a product"



Ryndia

A warm welcome to all of you, I am Ryndia, and this is my pseudo. Follow my blog and you will see a lot of experiment.

Post a Comment

Previous Post Next Post