13,420
edits
Changes
no edit summary
'''Answer INVESTIGATION 2 observations / questions in your lab log book.'''
=INVESTIGATION 3: SECURING THE SSH CONNECTION=
To help '''harden''' (i.e. protect a server from attack or "penetration"), system or security administrators have the ability to "trick" or "mislead" a potential hacker in order to prevent system penetration.
Just like in the movies, "spying" is not just about collecting information about the adversary, but also to deceive the adversary into making incorrect decisions.
[[Image:tunnel-trick.png|thumb|right|550px|You can also use an ssh connection to '''tunnel other types of traffic'''. There could be different reasons for doing this. For example tunneling traffic for an unencrypted application/protocol through ssh can '''increase the security of that application''' (i.e. deceive potential hackers).<br><br>Alternatively you could use it to '''circumvent a firewall that is blocking traffic''' you wish to use but allows ssh traffic to pass through.]]
=== Part 1: Deceiving Penetration Testers (Hackers) ===
In this section, you will learn a common technique that organization use to help harden their servers: Use a combination of '''SSH server configuration''' and''' iptables rules''' in order to trick a hacker into thinking that the SSH port is not working, when in fact, it is running quietly (tunneled) via another port... '''Sneaky, but effective'''...''' >;)'''
:'''Perform the following steps:'''
