There are five actions taken to improve the security of a vulnerable server, enumerated as follows.
1 Fix Root Password
The original root password is “default”, which is insecure: an attacker could easily crack it by brute force. I obtained the password in a few minutes with the tool Metasploit. To fix the problem, the password was reset to a stronger one, “Afcb136!”, which is 8 characters long and uses four character classes. I then retried the brute-force attack, and it failed to recover the password. The new, more complex password improves the system's security compared to the old one.
Three actions are taken in the terminal: run sudo passwd, then type and confirm the new password “Afcb136!”. Consequently, the terminal
Firstly, a password expires after 90 days. I changed the line PASS_MAX_DAYS from 99999 to 90 in the /etc/login.defs file, which sets the expiration from never to 90 days. The following changes were made in the /etc/pam.d/common-password file. Secondly, users are allowed to enter the password only three times; the account is blocked after three failed attempts. Thirdly, the password must be at least 8 characters long. Additionally, passwords must contain at least one digit, one uppercase letter and one lowercase letter. Finally, the password is rejected if it is the username, either as written or reversed. To implement the above password policies, I installed the PAM module libpam-cracklib with the commands “apt-get update” and “apt-get install libpam-cracklib”. Then I added the parameters “retry=3” (number of password attempts), “minlen=8” (minimum password length), “dcredit=-1” (at least one digit), “ucredit=-1” (at least one uppercase letter), “lcredit=-1” (at least one lowercase letter) and “reject_username” (reject the username as a password) to the common-password file.
To evaluate the password policy, I reset the password in accordance with it and tried to gain access to the password from another machine with the tool
The biggest problem with the telnet service is that everything users send across the network is transmitted in the clear; in particular, the username and password are sent in plain text. As a result, an attacker on the same network as the telnet connection could easily capture the traffic and obtain the password. Compared to telnet, SSH is more secure because the connection is encrypted. Therefore, I blocked port 23 (the telnet service).
To close the insecure port 23, I set up a firewall with some rules. Firstly, I created a new file called “firewall.sh” with the command “touch firewall.sh”. Then, I added the rule “iptables -A INPUT -i eth0 -p tcp --dport 23 -j ACCEPT”. Finally, I ran the file to block the telnet service. Other ports, although more secure, are closed in the same way if they are not in use.
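The following audit script is an added example, not part of the original write-up: it checks the password-expiry setting, the pam_cracklib parameters and the firewall rule described above against copies of the configuration files. The file paths and the make_samples helper are assumptions for offline use; note that an iptables rule on port 23 only blocks telnet when its target is DROP or REJECT, since -j ACCEPT lets the matched traffic through.

```shell
#!/bin/sh
# Added audit script (not the author's code). Each check takes a file path and
# returns 0 on pass; make_samples builds constructed sample files so nothing
# under /etc is read or modified.

# Return 0 if PASS_MAX_DAYS is present and at most 90 days.
check_pass_max_days() {
    days=$(awk '$1 == "PASS_MAX_DAYS" { print $2 }' "$1" | tail -n 1)
    [ -n "$days" ] && [ "$days" -le 90 ]
}

# Return 0 if the (uncommented) pam_cracklib line carries every required
# parameter; -w keeps minlen=8 from matching minlen=80.
check_cracklib_params() {
    line=$(grep -E '^[^#]*pam_cracklib\.so' "$1" | head -n 1)
    [ -n "$line" ] || return 1
    for p in retry=3 minlen=8 dcredit=-1 ucredit=-1 lcredit=-1 reject_username; do
        echo "$line" | grep -qwF -- "$p" || return 1
    done
}

# Return 0 if an INPUT rule for tcp port 23 ends in DROP or REJECT.
# A rule with -j ACCEPT matches the traffic but lets it through.
check_telnet_blocked() {
    grep -E '^[^#]*iptables .*-A INPUT' "$1" \
        | grep -E -- '-p tcp .*--dport 23( |$)' \
        | grep -Eq -- '-j (DROP|REJECT)'
}

# Run all three checks on a directory; return the number of failures.
audit() {
    fails=0
    check_pass_max_days "$1/login.defs" || { echo "FAIL: PASS_MAX_DAYS > 90"; fails=$((fails+1)); }
    check_cracklib_params "$1/common-password" || { echo "FAIL: pam_cracklib params"; fails=$((fails+1)); }
    check_telnet_blocked "$1/firewall.sh" || { echo "FAIL: port 23 not dropped"; fails=$((fails+1)); }
    return $fails
}

# Constructed sample files reflecting the hardened state; prints the directory.
make_samples() {
    d=$(mktemp -d)
    printf 'PASS_MAX_DAYS\t90\nPASS_MIN_DAYS\t0\n' > "$d/login.defs"
    printf 'password requisite pam_cracklib.so retry=3 minlen=8 dcredit=-1 ucredit=-1 lcredit=-1 reject_username\n' > "$d/common-password"
    printf '#!/bin/sh\niptables -A INPUT -i eth0 -p tcp --dport 23 -j DROP\n' > "$d/firewall.sh"
    echo "$d"
}

audit "$(make_samples)" && echo "all checks passed"
```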
5 Set SSH Public Key