Hackers suck. Nobody likes them (fake news).
Something that isn’t fake is everybody’s need to defend themselves and their data from a constant onslaught of breaching attempts on our public-facing devices. Nothing is worse than the feeling of being hacked, especially if it’s something that could have been prevented.
Security is one of the most important things that you need when you have any kind of server or computer. Without security, anyone would have access to all of your private information. In this article, we look at some Linux and Windows tools that allow us to easily prevent attacks against our machines before they become an issue.
In most computer environments, logging lets us easily see who is attempting to access the network, which in turn lets us take action.
When you think “someone is repeatedly trying to access my server,” the first thing that comes to mind is “block it.” This is key. The problem is that you do not want to hire someone to sit at a computer all day watching the logs for IP addresses to block. For one, that’s a major waste of time. Second, these computer attacks can come from hundreds of different IP addresses at the same time, so a person typing in all these commands would take too long.
To make this easier, there are multiple tools that automatically block IP addresses for us.
Linux:
Fail2Ban
Fail2Ban is a simple, yet powerful program which limits brute force authentication attempts.
In short, Fail2ban monitors log files and issues ban/unban commands automatically after a defined number of access attempts.
To Install:
Ubuntu:
sudo apt-get install fail2ban
CentOS/Redhat:
sudo yum install fail2ban
Configuring:
Fail2ban works out of the box and monitors any attempts to connect via ssh. If you want more, you can go here to view the final configuring touches: https://www.a2hosting.com/kb/security/hardening-a-server-with-fail2ban#Configuring-fail2ban
In short, you will be configuring Fail2ban’s jail.local file so that Fail2ban has access to the default settings for multiple protocols. Normally, all you need to do with this file is change the
enabled = false
line to
enabled = true
and restart fail2ban with the command
sudo service fail2ban restart
Once installed, Fail2ban will search the log /var/log/auth.log and other configured logs for failed attempts to access the server. As you can see below, Fail2ban logs that it “found” an IP attempting to gain access. The most recent one attempts to get in with the username “home” (an invalid user) from an IP address from China.
A successful ban and unban looks like this:
After 5 failed attempts (Fail2ban’s default), fail2ban blocks the address for 10 minutes. If you want the deny time to be longer, you can change the line:
bantime = 10m
to your desired time in /etc/fail2ban/jail.local
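An added example (not Fail2ban's own code and not from the original article) that replays constructed auth.log-style lines through the ban logic described above: 5 failures trigger a ban that lifts after 10 minutes. The 10-minute counting window (FINDTIME), the log line shape and the sample addresses are assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAXRETRY = 5                      # failures before a ban (default quoted in the article)
BANTIME = timedelta(minutes=10)   # bantime = 10m
FINDTIME = timedelta(minutes=10)  # assumed counting window, not stated in the article
# Assumed sshd log line shape; real auth.log formats vary by distribution.
FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port")

def sample_line(ts, user, ip):
    return f"Mar 10 {ts} web1 sshd[2101]: Failed password for invalid user {user} from {ip} port 50122 ssh2"

# Constructed sample input (documentation IP ranges), in chronological order.
SAMPLE = (
    [sample_line(f"09:00:{s:02d}", "home", "203.0.113.7") for s in (1, 5, 9, 13, 17)]
    + [sample_line(f"09:{m:02d}:00", "admin", "198.51.100.23") for m in (2, 6, 10, 14, 18)]
    + ["Mar 10 09:20:00 web1 sshd[2150]: Accepted password for alice from 192.0.2.10 port 40000 ssh2"]
)

def replay(lines, year=2024):
    """Return [(action, ip, when)] for chronologically ordered log lines."""
    failures = defaultdict(deque)  # ip -> timestamps of recent failures
    banned = {}                    # ip -> time the ban expires
    events = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue               # successful logins and unrelated lines
        now = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        for host, until in list(banned.items()):
            if until <= now:       # ban ran out before this line was logged
                events.append(("unban", host, until))
                del banned[host]
        if ip in banned:
            continue               # a firewall rule would already drop this host
        window = failures[ip]
        window.append(now)
        while now - window[0] > FINDTIME:
            window.popleft()       # forget failures older than the window
        if len(window) >= MAXRETRY:
            banned[ip] = now + BANTIME
            events.append(("ban", ip, now))
            window.clear()
    events += [("unban", h, t) for h, t in sorted(banned.items(), key=lambda kv: kv[1])]
    return events
```

In the sample, 203.0.113.7 is banned on its fifth failure within seconds, while 198.51.100.23 also fails five times but never has five failures inside one window, so it is not banned.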
Finally, its price? Free! Like most Linux products, it is open source and can be found on GitHub: https://github.com/fail2ban/fail2ban
Denyhosts:
DenyHosts is a Python program that automatically blocks ssh attacks by adding entries to /etc/hosts.deny. This program is dated but still works on all Linux operating systems today. DenyHosts can also inform system administrators if configured. It can report offending hosts, attacked users and suspicious logins. Other features include restricting usernames and synchronizing attack data with other systems to prevent attacks before they happen.
To install:
Ubuntu:
sudo apt-get install denyhosts
CentOS/Redhat:
sudo yum install denyhosts
Price: Free! Yay!
Windows:
There are multiple options available for Windows users. In this article, we will look at BeeGuardian and Botfence. I have worked with Botfence, but it is not cheap for everyday consumers.
BeeGuardian
BeeGuardian is a Windows IP blocker for servers and computers alike. It can block specific IP addresses or ranges of addresses in one click, block entire countries' IP addresses, display network flows in real time, and filter network packets based on IP address, port, protocol, and other TCP/IP factors. It runs with little to no lag and is robust and stable.
It is compatible with Windows 10, Windows 8, Windows 7, Windows 2019, Windows 2016, Windows 2012, Windows 2008, Windows 2003, Windows 2000, Windows XP and Vista.
Pricing:
BeeGuardian is $69.95, which, all things considered, is a worthwhile investment to protect your property. Unlike other software today, you buy this once and it’s yours. They do add on a year of service from the day it’s purchased. https://sites.fastspring.com/beethink/product/ipblockerfirewall
Botfence
Another great auto blocker for Windows Server is Botfence.
You can locate their sales page here: https://www.servolutions.com/botfence.htm
This small but simple program works with the Windows Event Viewer and Firewall to view and block IP addresses attempting to gain access to your server.
Using the program is very straightforward. From the start menu, you locate BotFence Administrator:
Then see who or what is attempting to access your server.
The GUI is simple, showing you how many attacks have been made against your computer in the last day, as well as the number of attacks in the previous hour.
Pricing:
This program is not free, but you can get a demo. If necessary, it includes software that will run through your logs to tell you if your system has been breached or not.
Pricetag: $199
Link: https://www.servolutions.com/shop/Products.aspx?cat=botfence
Conclusion:
Throughout this article, we found some great tools for protecting your server’s security from outside attacks. With the right tools, you can make sure your data is safe from prying eyes.
Do you know of any other programs? Feel free to share!
Thank you for reading, and have a good one!