Cyber Security: A Look Through the Ages 

While computers are constantly evolving, many attack types and techniques remain constant. The NEBRC was recently contacted by someone who worked on IBM computers back in the 1980s and who shared a story with us about an attempt at unauthorised access to the system.

This individual was trying to gain access to the IBM by “repeatedly guessing at the logon password for the highest-privileged userid on the system”. This kind of attack is known as a brute-force attack and is still a very common method of attack on modern systems. Part of what can make these attacks successful is prior knowledge of the username for the account they are trying to access. The highest-privileged user is an often-sought-after target, due to the ability to have total control over a system, and on Linux / Unix systems, this user is known as root.

In the case of the IBM, this attack was mitigated by denying access to the highest-privileged user, even with the correct password, if they were connecting from an external address. For modern systems, there are several methods that can be utilised to secure access, with a few mentioned briefly below.

1. After the initial configuration of a system, there should be little need for the root user to remain as an active account. It is recommended to disable the root user and have an alternative account (with a less common username that is harder to guess) for any administrative actions.

2. Brute-force attacks work by making repeated guesses at the password, but a password is often not the only method of authentication. Keys are large strings of letters, numbers, and symbols stored in a file. They can be used as a replacement for passwords, and the key file can itself be protected with a password for extra security. When connecting to a server, this key file is provided and used for authentication to the user account.

3. Using a firewall, you can control who is able to log in to your server remotely. Through this method, it is possible to restrict access to certain IP addresses, such as your own. However, IP addresses can change, and you should ensure that yours will remain the same before using this method. Alternatively, you can establish a VPN connection between your computer and the server and then configure the firewall to only allow access from this connection.
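
As an added illustration (not part of the original article), the first two recommendations can be checked automatically. The sketch below assumes the server is reached over OpenSSH, which the article does not name, and audits the global section of an `sshd_config` file; the function names and both sample configurations are constructed for this example.

```python
# Values sshd uses when a keyword is absent (defaults in current OpenSSH releases).
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
}
# Values that satisfy recommendations 1 and 2 above.
WANTED = {"permitrootlogin": "no", "passwordauthentication": "no", "pubkeyauthentication": "yes"}

def effective_settings(config_text):
    """Return the effective global value of each audited keyword."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0]          # drop comments
        parts = line.split()
        if not parts:
            continue
        keyword = parts[0].lower()           # sshd keywords are case-insensitive
        if keyword == "match":
            break                            # conditional blocks follow; audit the global section only
        if keyword in DEFAULTS and keyword not in seen and len(parts) > 1:
            seen[keyword] = parts[1].lower() # sshd keeps the first value it reads
    return {**DEFAULTS, **seen}

def audit(config_text):
    """Return a sorted list of findings; an empty list means compliant."""
    settings = effective_settings(config_text)
    return sorted(
        f"{key} is '{settings[key]}', expected '{WANTED[key]}'"
        for key in WANTED if settings[key] != WANTED[key]
    )

# Constructed sample configurations (not taken from any real system).
WEAK = """
# PermitRootLogin no
PermitRootLogin yes
PasswordAuthentication yes
"""
HARDENED = """
PermitRootLogin no
permitrootlogin yes   # ignored: the first value wins
PasswordAuthentication no
PubkeyAuthentication yes
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text) or "OK")
```

An empty file is reported as non-compliant because the defaults still permit password logins, which is the case a brute-force attempt depends on.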

The NEBRC works to support businesses across the region to be better prepared and protected from the growing issue of cyber crime.

For more information on how we can support your business, get in touch at: [email protected] or sign up to our free core membership to keep up to date with the latest cyber security matters and keep your business safe online.