Monitor network data for uncommon data flows. Processes utilizing the network that do not normally have network communication, or that have never been seen before, are suspicious.

Monitor and analyze traffic patterns and perform packet inspection for protocol(s) that do not follow the expected protocol standards and traffic flows (e.g. extraneous packets that do not belong to established flows, gratuitous or anomalous traffic patterns, anomalous syntax or structure). Consider correlating this with process monitoring and command-line monitoring to detect anomalous process execution and command-line arguments associated with the traffic patterns (e.g. monitor anomalies in the use of files that do not normally initiate connections for the respective protocol(s)).

Monitor for user accounts logged into systems they would not normally access, or access patterns to multiple systems over a relatively short period of time. Also monitor user SSH-agent socket files being used by different users.

Monitor executed commands and arguments that may hijack a legitimate user's SSH session to move laterally within an environment.

Ensure SSH key pairs have strong passwords and refrain from using key-store technologies such as ssh-agent unless they are properly protected.

Do not allow remote access via SSH as root or other privileged accounts.

Ensure proper file permissions are set and harden the system to prevent root privilege escalation opportunities.

Ensure that agent forwarding is disabled on systems that do not explicitly require this feature, to prevent misuse.
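As an added example (not part of the original page), the two host-side detections above, cross-user use of an SSH-agent socket and a burst of logons to many hosts, written as small Python checks over constructed input; the lsof-style listing, the socket-owner mapping and the logon events are all made-up sample data, and a real deployment would take them from `lsof`/`ss`, `os.stat()` on the socket directory, and sshd or auditd logs.

```python
"""Detection helpers for SSH-agent socket abuse and logon bursts (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed lsof-style listing: process owner, PID, command, agent socket path.
AGENT_SOCKET_USE = """\
alice 4121 ssh /tmp/ssh-XXXXabcd/agent.4100
alice 4130 git /tmp/ssh-XXXXabcd/agent.4100
root  9981 ssh /tmp/ssh-XXXXabcd/agent.4100
bob   5210 ssh /tmp/ssh-XXXXefgh/agent.5200
"""
# Constructed socket-directory owners (in practice: pwd.getpwuid(os.stat(d).st_uid)).
SOCKET_OWNER = {"/tmp/ssh-XXXXabcd": "alice", "/tmp/ssh-XXXXefgh": "bob"}

def cross_user_agent_use(listing, owners):
    """Return (user, pid, command, socket) for processes using another user's agent socket."""
    hits = []
    for line in listing.splitlines():
        user, pid, comm, sock = line.split()
        sock_dir = sock.rsplit("/", 1)[0]
        owner = owners.get(sock_dir)
        if owner is not None and owner != user:   # socket created by someone else
            hits.append((user, int(pid), comm, sock))
    return hits

# Constructed sshd logon events: (timestamp, user, destination host).
LOGONS = [
    (datetime(2024, 1, 5, 9, 0), "alice", "web01"),
    (datetime(2024, 1, 5, 9, 2), "alice", "web02"),
    (datetime(2024, 1, 5, 9, 3), "alice", "db01"),
    (datetime(2024, 1, 5, 9, 4), "alice", "bastion"),
    (datetime(2024, 1, 5, 9, 0), "bob", "web01"),
    (datetime(2024, 1, 5, 14, 0), "bob", "web02"),
]

def logon_bursts(events, window=timedelta(minutes=10), min_hosts=3):
    """Map user -> sorted hosts for users reaching >= min_hosts distinct hosts within window."""
    by_user = defaultdict(list)
    for ts, user, host in events:
        by_user[user].append((ts, host))
    flagged = {}
    for user, rows in by_user.items():
        rows.sort()                              # sliding window over time-ordered logons
        for i, (start, _) in enumerate(rows):
            hosts = {h for t, h in rows[i:] if t - start <= window}
            if len(hosts) >= min_hosts:
                flagged[user] = sorted(hosts)
                break
    return flagged
```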