Indonesian Back|Track Team
[SHARE] Harderning Server, the other way to increase security - Printable Version

+- Indonesian Back|Track Team (https://www.indonesianbacktrack.or.id/forum)
+-- Forum: Defensive Zone (https://www.indonesianbacktrack.or.id/forum/forum-173.html)
+--- Forum: Hardening (https://www.indonesianbacktrack.or.id/forum/forum-189.html)
+--- Thread: [SHARE] Harderning Server, the other way to increase security (/thread-4840.html)

Pages: 1 2


[SHARE] Harderning Server, the other way to increase security - Junior Riau - 07-27-2013

assalamualaikum wr wb
kembali lagi bersama saya si admin whitehat Tongue,, ini bener lo :p Tongue:- Smile:-

nah setelah sebelumnya om @koecroet telah berbagai harderning mengenai apache pada link ini

kali ini saya berbagi harderning server menggunakan sebuah teknik autentikasi,
yaitu Port Knocking

port knocking merupakan salah satu metode autentikasi yang ditujukan untuk mengamankan port-port yang digunakan sebagai media remote akses seperti ftp, ssh, mysql dan sebagainya

kali ini saya memberi contoh untuk mengamankan ssh dari serangan bruteforce
[hide]
requirements
1. ubuntu server 12.04
2. firewall ufw
3. knockd port knocking daemon

how to :

1. install and configure ubuntu server on vmware/vbox
2. install konckd port knocking daemon on ubuntu server
use

Code:
apt-get install knockd

3. enable ufw
use

Code:
ufw enable

allow http(s) access

Code:
ufw allow http
ufw allow https

configure port knocking

Code:
nano /etc/knockd.conf

set to :

Code:
[options]
logfile = /var/log/knockd.log

[openSSH]
    sequence        = 1825,1826,1827
    seq_timeout        = 10
    start_command    = ufw allow from %IP% to %IP% port 22
    tcpflags        = syn
    cmd_timeout        = 100
    stop_command    = ufw delete allow from %IP% to %IP% port 22

save with CTRL+O and ENTER
exit with CTRL+X

restart knockd service

Code:
service knockd restart


now try to access server

for demo

see

[/hide]

best regards

junior.riau18
a.k.a
little dragon


RE: [SHARE] Harderning Server, the other way to increase security - iKONspirasi - 07-27-2013

cek dompet ane tinggalin ijo2 disana Big Grin

btw klo port knocknya pake port2 yg udh dipake bisa ga? misal 80, 443 sm 8080


RE: [SHARE] Harderning Server, the other way to increase security - Junior Riau - 07-28-2013

bisa om, ya kalau ke port 80 ya masa mau akses port 80 kudu ketuk2 pintu wakaka


RE: [SHARE] Harderning Server, the other way to increase security - iKONspirasi - 07-28-2013

wkwkwk, maksud ane sequence port knockingnya, itu sequencenya ke port atau gmn?


RE: [SHARE] Harderning Server, the other way to increase security - faizul amali - 07-28-2013

mantap om hafish Big Grin
izin cicipi ilmunya Big Grin


RE: [SHARE] Harderning Server, the other way to increase security - ekawithoutyou - 07-28-2013

mantep ente dul kapan kapan aje nyoba Big Grin


RE: [SHARE] Harderning Server, the other way to increase security - Junior Riau - 07-28-2013

squence nya ke port om, saran gunakan port yang tidak digunakan oleh service lain,
nanti bisa bentrok packet, soalnya port knocking bisa menggunakan TCP atau UDP dengan flag SYN


RE: [SHARE] Harderning Server, the other way to increase security - wahyuardan - 07-28-2013

weh nih orang bisa multi talent , programming bisa + server bisa , thanks brother for sharing Big Grin


RE: [SHARE] Harderning Server, the other way to increase security - Junior Riau - 07-28-2013

wehehe thanks bro Smile masih ada lagi ini sambungannya tentang port knocking masih banyak banget,

iya itu hobby ane, linux, programming, networking


RE: [SHARE] Harderning Server, the other way to increase security - Agus Murdieono - 07-29-2013

mas koq saya g bisa apt-get update ya mas ??
malah eror n failed smua. . .
maklum mas pengguna baru. . .