Greetings. It’s been a while since my last post. Note to self, I need to start uploading my work from Notion onto WordPress in an efficient way.
In the past week, I’ve been attending a SOC Analyst Prep course to learn more about the fundamentals needed to become one, and recently, we have gone over ports and protocols.
Today, I wanted to talk about two ports/protocols, which will be SSH and DNS.
What is SSH?
SSH stands for Secure Shell Protocol and uses port 22. It is a network protocol that allows for a secure connection between two devices/computers. It is an improvement upon Telnet (Telnet sends its data unencrypted and in plaintext, so anyone watching the communication channel can see passwords). It is typically used to connect to a remote system (let’s say I am working from a Linux machine and I want to SSH into a different Linux machine not on my current network).
In order to do this, I would use the command:
ssh [username]@[other machine's host name or IP address]
Security Risk Related to SSH:
– Poor Management of SSH Keys
– In a video by Twitter user IppSec, the creator finds an SSH private key in someone’s Git history and then uses it to log in over SSH.
– Here is [another video]
– Brute-force attacks
– In some cases, the attacker tries many combinations of usernames and passwords in order to (hopefully) hit the right combo and log in.
– IppSec does this [here].
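Both risks above leave traces a defender can look for: a brute-force attempt shows up as a burst of "Failed password" lines in the sshd log, and a leaked key shows up as PEM private-key headers committed to a repository. The script below is an added example (mine, not from the post or from IppSec's videos) that does both checks over constructed sample data: the log lines, IP addresses, usernames and the repository contents are all made up for illustration, and the "private key" is just a placeholder string, not real key material.

```python
import re
from collections import Counter

# Constructed sshd log lines in syslog format (not from a real system).
SAMPLE_AUTH_LOG = """\
Mar  3 10:01:02 host sshd[1201]: Failed password for invalid user admin from 203.0.113.45 port 51022 ssh2
Mar  3 10:01:04 host sshd[1201]: Failed password for invalid user admin from 203.0.113.45 port 51023 ssh2
Mar  3 10:01:06 host sshd[1203]: Failed password for root from 203.0.113.45 port 51024 ssh2
Mar  3 10:01:08 host sshd[1205]: Failed password for root from 203.0.113.45 port 51025 ssh2
Mar  3 10:01:09 host sshd[1207]: Failed password for ubuntu from 203.0.113.45 port 51026 ssh2
Mar  3 10:01:12 host sshd[1209]: Accepted publickey for deploy from 198.51.100.7 port 40112 ssh2: ED25519 SHA256:constructedfingerprint
Mar  3 10:02:30 host sshd[1211]: Failed password for alice from 198.51.100.7 port 40113 ssh2
"""

# Constructed repository contents: path -> file text (think "every blob in git history").
SAMPLE_REPO = {
    "README.md": "# deploy tooling\n",
    "config/deploy_key": (
        "-----BEGIN OPENSSH PRIVATE KEY-----\n"
        "PLACEHOLDER-NOT-A-REAL-KEY\n"
        "-----END OPENSSH PRIVATE KEY-----\n"
    ),
    "config/deploy_key.pub": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAA-placeholder deploy@example\n",
}

# "Failed password for [invalid user ]<user> from <ip> port <n>" as written by OpenSSH.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# PEM header used by OpenSSH, PKCS#1/PKCS#8 and related private-key formats.
PRIVATE_KEY_RE = re.compile(
    r"-----BEGIN (?:OPENSSH|RSA|EC|DSA|ED25519)? ?PRIVATE KEY-----"
)


def failed_attempts_by_ip(lines):
    """Return (Counter of failures per source IP, dict of IP -> set of usernames tried)."""
    counts = Counter()
    users = {}
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            counts[m["ip"]] += 1
            users.setdefault(m["ip"], set()).add(m["user"])
    return counts, users


def flag_bruteforce(lines, threshold=5):
    """Flag source IPs with at least `threshold` failed password logins.

    A single typo from a legitimate user stays below the threshold; a password
    spray from one address (many users, many failures) rises above it.
    """
    counts, users = failed_attempts_by_ip(lines)
    return {
        ip: {"failures": n, "usernames": sorted(users[ip])}
        for ip, n in counts.items()
        if n >= threshold
    }


def find_private_key_material(blobs):
    """Return the paths whose content carries a PEM private-key header.

    Public keys (.pub files) do not match: only the BEGIN ... PRIVATE KEY header does.
    """
    return sorted(path for path, text in blobs.items() if PRIVATE_KEY_RE.search(text))


if __name__ == "__main__":
    print("Brute-force candidates:", flag_bruteforce(SAMPLE_AUTH_LOG.splitlines()))
    print("Private keys committed:", find_private_key_material(SAMPLE_REPO))
```

On the constructed data, only 203.0.113.45 is flagged (five failures across admin, root and ubuntu), while 198.51.100.7 with its single failed login is not; the key scan reports only `config/deploy_key` and ignores the `.pub` file. In practice the same two functions would be fed real `/var/log/auth.log` lines and the output of a walk over git history, and the threshold would be tuned to the environment.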
This is what I’ve gathered, feel free to correct me on anything I have posted by DMing me on Twitter. So far, I’m just learning a lot and planning to update this post in the future.