... and he scores! The crowd is going wild!

(My condolences to the family.)

My experience may not be applicable to you. I do IT Security for a university. We encounter a wide variety of attackers from script-kiddy to aggressive hostile government.

When our attackers desire to remain hidden, we usually can not detect and remove them using any common tool. The techniques for remaining in hidden control of systems are straightforward, effective and available to any attacker. We can detect all kinds of stuff by carefully inspecting network activity, but learning to do it takes years. And, analyzing 1 machine's traffic is slower than real-time.

For example, a while ago one of my coworkers managed to crack the C&C for a major fake-antivirus group. For 2 months we grabbed the rootkits as they went by. Code on compromised machines was updated daily. VirusTotal pronounced it all clean. Usually, the victims had no clue. None of the virus or malware detectors/removers would regain control of a compromised system. Sometimes the utilities would claim to have done something. It was never complete or successful. On the other hand, if we isolated a compromised machine from the C&C for 3 weeks, some of the utilities would start to be effective. At 6 weeks, almost all of them were effective. Of course, this fake antivirus group was indiscriminate and had a huge footprint.

We still use Microsoft Security Essentials or EndPoint Protection. It almost never prevents compromise, but in some circumstances it will let us know that that we have been had. Some attackers get what they want immediately and don't try to hide. Others break discipline after a few days or weeks. Then there are the ones that get what they want and sell you to less capable attackers. Finally, if the user/machine is vulnerable to attack then the machine eventually gets infested with multiple attackers. Once multiple attackers start interfering with each other, something always gets dropped.

We always recommend a "change passwords/backup/wipe/rebuild/restore" when we discover compromise. Even then, sometimes an attacker regains control by hiding hostile code in user files.

The preventative measures that seem to be most effective for us are:

1. 1) Some form of Addblock. The primary attack vector for most of our people is hostile browser adds.
2. 2) Limiting the execution of unwanted browser code. We recommend Chrome/Click-To-Run for most users. Motivated users can get better protection with Firefox/NoScript.
3. 3) Working with our users to improve our defenses. See: https://www.youtube.com/playli...

In my completely uninformed opinion, there seem to be inexplicable and congenital faults in IT's use of cryptography.

A few crypto products need efficiency and performance. But, many don't. Many existing products are optimized for efficiency and performance, even when these goals are contrary to the stated goals of the product. Frequently, crypto solutions unnecessarily limit the size of keys. They extend the lifetime of keys. They limit the number of available keys. In many cases, all three of these latter goals are false savings.

We rarely use symmetric crypto, even though it is frequently simpler and more robust. Public Key is almost always preferred, even when it is easy to distribute keys.

Reliable, trustworthy sources of truly random numbers seem to be very useful, inexpensive, and straightforward to create. See: http://en.wikipedia.org/wiki/C...

If we are interested in secure communications, it should be normal and expected that we would pick up several hardware random number generators. We should have multiple simple, robust, trustworthy tools to generate symmetric keys. We should have multiple tools to utilize simple, robust, trustworthy symmetric crypto.

Instead, we seem to focus on always using a single complex public key solution even when it is not appropriate.

In my ignorance, I have been trying to map out a simple, robust tool for system administration, that makes use of symmetric crypto. See: https://it.wiki.usu.edu/201501...

I would really like to learn that I have been wasting my time.

Thanks. I figured that was obvious enough to not need explanation. So I decided it was out of scope. But, I am wrong all the time.

I am assuming you feel that we should teach our admins to test all their SSH passwords against standard attack dictionaries and disable/notify any that fail. This is a good idea. I will try to add it tomorrow.

Are there other conditions that are detectable by SSH admins that require disabling passwords?

That is an interesting idea. It is easy to MITM our SSH client connections. But, this control comes with a large expense. Because it is easy for our clients to see Security's actions, and it is hard for them to see the actions of attackers, they will conclude that Security is being evil for no good reason. This will greatly reduce our effectiveness by isolating Security from our community. Other controls may mitigate this problem with less expense.

For example, we are currently pushing our people to adopt widespread 2-factor authentication. Our people are ready to accept 2-factor. They understand it's value. They are familiar with it's use. We have multiple cheap 2-factor solutions. 2-factor somewhat mitigates MITM and also helps other issues.

That said, I think we really need a simpler form of SSH for trusted point-to-point communications. It should exclusively use pre-distributed one-time pads for it's authentication and encryption. We can now generate and distribute 100+ Gigabyte files of true-random data. This data can be used to authenticate. It can be used to generate secure symmetric encryption keys. We can handle millions of secure connections before we need to redistribute pads again.

Since I am not a cryptographer, this idea has many problems. But I believe that securely using these huge one-time pads could be as easy as:

• Ask Schneier for a good, symmetric encryption algorithm :)
• Select a key-size that is twice as long as Schneier thinks we need :) So, if Schneier thinks 512bits are fine, we use 1024 bit keys. This is only 128 bytes.
• Generate about 128 Gigabytes of random data from a truly random noise source. Use 64Gigs of it for connection keys. That will allow about 512 million connections. This may be excessive and need to be adjusted.
• Use the rest of the Random data 2 Gigs at a time. This gives you 32 records. The server always gets the first copy/install of the file. The server always uses the first record. Each subsequent client copy/install uses the data in it's record for install identification and session identification. This may not be enough records. It may need to be adjusted. But, it probably should not increase to hundreds. If there are too many copies, it is impossible to protect confidentiality.
• Throw away the first key record. You can spare some. Use that space to write down the GMT time-stamp when this file was created and the number of times the file has been copied.
• Use the next key record as the FileID for this file.
• The server only tries to use uses 1 pad file at a time.
• When the server starts up, it skips down the number of keys indicated by it's current key index or the number of minutes since pad creation, whichever is greater. If the server detects that GMT time is running backwards, it should terminate with a descriptive error message.
• Every minute, it switches to the next key in the list. Don't worry, this will only use up 10 million of your possible keys in 20 years. The server should not attempt to respond to more than one connection attempt per second.
• Whenever the server has authenticated a successful connection, it switches to the next key in the list.
• When something pokes it's port, the server assembles a message that says something like: Number of non-padding bytes in message. Message Type 0. Server Message#1. I have received 0 of your messages. I am copy 1 of the file with the ID of #FileID. My Copy ID is (the first field in my Copy ID Record). The local time is (current time). The number of times I have incremented keys is: (CurrentKeyIndex). The number of successful connections is (ConnectionNumber). The authentication number for this connection is (use ConnectionNumber to index into the Copy ID Record and retrieve the value). Optional padding. End of Server Message #1.
• Then the server encrypts all that info using the current encryption key and sends it out to the client. It should all fit in a standard ethernet/IP/TCP packet. All messages must be padded to the same length. A good starting message length is probably 1400 bytes.
• The client uses the current time as a guess to a starting index into the key data. It should probably start 1 before to allow for sloppy timekeeping. It sequentially tries each key until it manages to decrypt the server's message. It should probably give up and fail with an error if tries more than 20 keys. This number may need adjusting. When it fails, the client drops the connection without saying anything.
• If the client decodes the server message, it then checks it's own expected and calculated information against the info provided by the server. If it doesn't check out, it drops the connection and sends an urgent error message that somebody is attempting to mimic the server using a replay attack. If it checks out, it uses the key to encrypt it's response. It also updates it's CurrentKeyIndex.
• The response of the client looks like: Number of non-padding bytes in message. Message Type 1. The latest message I have decoded from you is (LastServerMessageNumber). This is my Message #1. Nice to meet you. I am copy (whatever) of the file with the ID of #FileID. My Copy Id is (the first field in my Copy ID Record. My local time is (timestamp). I have now updated and crossed off (CurrentKeyIndex) number of keys. My number of successful connections is (ConnectionNumber). The authentication number for this connection is (use ConnectionNumber to index into the Copy ID Record and retrieve the value.) Optional padding. End of Client Message #1.
• Then the server checks the client's supplied info for inconsistencies. If it fails, the server crosses off the key, drops the connection, and sends an urgent error message that somebody is attempting to mimic the client via a replay attack. It if checks out, the server sends an encrypted acknowledgement, and updates it status information on that copy of the file.
• Once the client receives the acknowledgement, it updates it's info on the server. Then both sides continue the encrypted conversation. The conversation looks like a sequence of encrypted messages.
• Most messages have the same format: Number of non-padding bytes in message. Message Type 2. Timestamp. From (Copy #) To (Copy #). Your latest message was (whatever). This is my message (whatever). [MESSAGE CONTENTS] Optional padding. End of message (whatever).
• You will also need some utility messages. A NAK may look like: Number of non-padding bytes in message. Message Type 3. Timestamp. From (Copy #) To (Copy #) Please re-transmit everything after message (whatever). This is my message (whatever). Optional padding. End of message (whatever).
• A FIN may look like: Number of non-padding bytes in message. Message Type 4. Timestamp. From (Copy #) To (Copy #) Your latest message was (whatever). Time to say goodbye. Optional padding. End of message (whatever).
• A Change Key may look like: Number of non-padding bytes in message. Message Type 5. Timestamp. From (Copy #) To (Copy #) Your latest message was (whatever). I'm feeling paranoid. Lets change to the next key. Optional padding. End of message (whatever).
• An Oh Shit may look like: Number of non-padding bytes in message. Message Type 6. Timestamp. From (Copy #) To (Copy #) Somebody just showed up with a NSL. I'm wiping my key-files/one-time pads. You should wipe this key-file/pad. Send lawyers, money, guns. So long and thanks for all the fish. Optional padding. End of message (whatever).

As you can see, this system is very simple,crude and inefficient. We are just re-implementing the old concepts of secure phones using 1-time pads. None of this is new. We can use simple logic because we don't want or need complexity. It allows for 1 server and multiple clients. You have to redo this logic to have more than one server per pad/keyfile. It only solves one problem, but it is so simple that it should eliminate almost all opportunity for logic and programming flaws. Remember, complexity is the enemy. We don't care about efficiency. We want security. The NSA has used feature creep to corrupt many forms of existing crypto.

This proposal is connection oriented, but it can run on TCP or UDP or ICMP. You probably want to use TCP to reduce spoofing, DoS opportunities and sort out some of the low level attacks. If you do, you have to remember that you can't trust TCP to eliminate spoofing or verify message delivery.

Protecting SSH communications for your organization is fairly straightforward if you do some work. You need to use multiple layers. Here is our guide to protecting SSH:

https://it.wiki.usu.edu/ssh_de...

We try to use multiple overlapping security layers to protect SSH:

• * If possible, use firewalls to limit the vulnerable scope of SSH to a few trusted hosts.
• * Configure firewalls to limit credential guessing by rate-limiting connections to the SSH port.
• * If possible, treat the SSH Port as a shared secret. Then, only interesting, targeted attacks find the SSH server. In many situations, this gives you very real protection. This protection is based on the very real increase in cost for an attack to find and attack an SSH server on an alternate, properly obscured port.
• * The SSH server should not allow known usernames including root. The attacker must find a username.
• * Motivated admins should use 2-factor authentication to access their critical SSH servers.
• * Admins are trained to create good passwords for their usernames.
• * SSH users should verify the identity of their systems when they first connect.
• * System admins must regularly review the activity of their SSH servers.
• * Security monitors all SSH connections, including ones on non-standard ports. We follow up on interesting connections.
• * We have SSH Honeypots that help us track, understand and respond to SSH attack. These Honeypots allow us to track which credentials are being attacked. They give us advance warning when a institutional credential is attacked. And, analyzing the use of unique credential lists gives us insight into our attackers.

Much of this work can be automated. The rest is excellent training material for new security recruits and interns.

Looking back, the main change I should have made to improve our SSH protections would be to default block incoming TCP/22 at the border years ago. Then, only allow it for groups that can show they use it to provide services to a large community. Anybody using SSH for administration can change the SSH port.

Spending money on a mansion is literally the opposite of storing it at the bank.

This article seems relevant: On the difficulties of reforming torturers.

I authored the previous comment; I didn't realize that I was logged out when I did, so it showed up as AC. But it's me.

1. I'm too busy to sit around thinking up additional words to throw in so I can score "mod" points

2. The people I like on Slashdot are too busy to read a bunch of additional words I only threw in so I can score "mod" points

3. It's not in my nature to waste words, or to waste time

Actually this particular councilman represents an extremely high-rent district--Manhattan's upper east side. I doubt there are many wealthier neighborhoods in the world. He's not doing this to 'score points', he's doing it to do the right thing.

Well said

Let me fix that for you:

Time and again history has shown the way to have a healthy middle class is to alleviate poverty on a grand scale.

Well spoken, bro

The "digital divide" is a real thing. It's the difference between spoiled people like yourself growing up with a computer in your home, and inner city kids who have no computer access at home and have to wait on line at the public library to get a 15 minute time slot.

If you don't recognize that in this society those without computer access are at a disadvantage, you are as stupid as you are uncaring.