SSH Security

How do SSH attacks occur?

Brute-Force Method

SSH attacks are usually done through password attempts. Bots prepared by the attacker generate random passwords and try until they get a result. These bots can be dozens or even thousands, coming from different servers and IP addresses. You can make the attacker's job harder by using complex and random passwords or changing the default SSH port. Even if these measures are taken, the attacker can perform port scanning to find the active SSH port again and perform the trial process again. Even if the attacker cannot access the password and infiltrate the server, your server is busy processing requests from more attackers rather than providing service to you, which causes unnecessary resource consumption and log creation. If the attacker infiltrates the server, worse scenarios such as data deletion or leaving ransom software inside the server may occur.

Zero-Day Method

Zero-Day vulnerabilities are security vulnerabilities that are difficult to detect until they are reported or occur. It is very important to hide the versions and port numbers of services such as SSH running on your server for this reason. If there is a vulnerability in the version used, the attacker can infiltrate your server using services such as Shodan or software such as Nmap to detect ports and versions.

By using Protect Remote, the attacker will not have a chance to attack a place they cannot access because only users who are permitted will be able to access the SSH service on your server. All SSH attacks by bots will be immediately terminated when you activate the relevant security.