=== Part 1: Deceiving Penetration Testers (Hackers) ===
To help '''harden''' a server (i.e. protect it from attack or "penetration"), system or security administrators have the ability to "trick" or "mislead" a potential hacker in order to prevent system penetration. Just like in the movies, "spying" is not just about collecting information about the adversary, but also about deceiving the adversary into making incorrect decisions.
In this section, you will learn a common technique that organizations use to help harden their servers: use a combination of '''SSH server configuration''' and '''iptables rules''' to trick a hacker into thinking that the SSH port is not working, when in fact it is running quietly (tunneled) via another port (as opposed to the default port: 22), and use iptables to reject (or better, log) incoming TCP traffic on the default port.

'''Q:''' What is the result of this?

'''A:''' Simple. Permit the SSH service for the organization, and yet trick and confound the potential hacker into thinking that SSH traffic is used on a port that is no longer available (but they may not know this!)... '''Sneaky, but effective! >;)'''
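Both halves of this setup can be checked mechanically. The following shell script is an added example, not part of the original lab: it audits an <code>sshd_config</code> file and an <code>iptables -S</code> listing. Port 2200, the log prefix, the function names and the sample inputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the lab): audit the two halves of the decoy setup.
# Port 2200 and the "SSH-DECOY: " log prefix are assumed values.

# Succeeds if sshd_config ($1) has at least one active Port directive and
# none of them is 22. Only Port lines are checked; ListenAddress host:port
# is out of scope here.
sshd_port_moved() {
    awk '{ sub(/^[ \t]+/, ""); split($0, f, /[ \t=]+/) }
         tolower(f[1]) == "port" { n++; if (f[2] + 0 == 22) bad = 1 }
         END { exit (n == 0 || bad) }' "$1"
}

# Succeeds if the ruleset ($1, `iptables -S` format) logs TCP port 22 and
# then rejects or drops it. LOG is non-terminating, so it must come first:
# a LOG rule placed after REJECT/DROP never sees the packet.
decoy_rules_ok() {
    awk '/--dport 22( |$)/ && /-j LOG/ && !rej { logged = 1 }
         /--dport 22( |$)/ && /-j (REJECT|DROP)/ { rej = 1 }
         END { exit !(logged && rej) }' "$1"
}

# Constructed sample inputs, written to a scratch directory and audited.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '#Port 22' 'Port 2200' 'PermitRootLogin no' > "$d/sshd_config"
    printf '%s\n' \
      '-A INPUT -p tcp -m tcp --dport 22 -j LOG --log-prefix "SSH-DECOY: "' \
      '-A INPUT -p tcp -m tcp --dport 22 -j REJECT --reject-with tcp-reset' \
      '-A INPUT -p tcp -m tcp --dport 2200 -j ACCEPT' > "$d/rules"
    sshd_port_moved "$d/sshd_config" && decoy_rules_ok "$d/rules"
    rc=$?
    rm -rf "$d"
    return $rc
}

demo && echo "decoy setup looks consistent"
```

On a live system the same functions can be pointed at <code>/etc/ssh/sshd_config</code> and at the saved output of <code>iptables -S</code>.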