Security Advisory Regarding Brute-Force SSH Attacks
VULNERABILITY/EVENT SUMMARY
Recently, Gallantry has noticed a significant
increase in Secure Shell (SSH) brute-force
attack attempts on the Internet. The attackers
first check if SSH is accessible on a system,
and if so, they then attempt to log on to
SSH by trying hundreds of account names
such as "root", "admin",
"test", "user" and "guest".
The attempts appear to use some form
of password-guessing technique and automated
software to gain unauthorized access. Since
SSH is commonly used for remote server administration
and troubleshooting, this type of attack
affects many servers on the Internet, including
GallantWEB products because GallantWEB is
shipped with SSH.
In some cases, after the attackers successfully
gained access to a server, they installed
fraudulent Web sites impersonating certain
banks or financial institutions and sent
junk mail to email addresses all over the
world, trying to trick people into entering their
account information into the fraudulent
Web sites.
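The pattern described above, one source trying many account names, shows up clearly in SSH server logs. The following is an added example, not part of the Gallantry advisory or of GallantWEB itself; it assumes OpenSSH-style sshd log lines, and the sample log, the function name find_guessing_sources and the min_accounts threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in OpenSSH sshd syslog format (an assumption about the
# log source); IP addresses come from the reserved documentation ranges.
SAMPLE_LOG = """\
Jan 10 03:12:01 host sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan 10 03:12:03 host sshd[813]: Failed password for invalid user admin from 203.0.113.7 port 40118 ssh2
Jan 10 03:12:05 host sshd[815]: Failed password for invalid user test from 203.0.113.7 port 40125 ssh2
Jan 10 03:12:07 host sshd[817]: Failed password for invalid user user from 203.0.113.7 port 40131 ssh2
Jan 10 03:12:09 host sshd[819]: Failed password for invalid user guest from 203.0.113.7 port 40140 ssh2
Jan 10 03:12:11 host sshd[821]: Accepted password for test from 203.0.113.7 port 40152 ssh2
Jan 10 08:30:44 host sshd[902]: Failed password for super from 198.51.100.20 port 51514 ssh2
Jan 10 08:30:52 host sshd[902]: Accepted password for super from 198.51.100.20 port 51514 ssh2
"""

# Greedy (.*) keeps odd account names (even ones containing " from ") intact.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(.*) from (\S+) port \d+")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for (.*) from (\S+) port \d+")

def find_guessing_sources(log_text, min_accounts=5):
    """Report sources whose failed logins span at least min_accounts names.

    Returns {ip: {"accounts": [...], "failures": n, "logins": [...]}}; a
    non-empty "logins" list means that source also logged in successfully.
    """
    accounts, failures, logins = defaultdict(set), defaultdict(int), defaultdict(list)
    for line in log_text.splitlines():
        failed = FAILED.search(line)
        if failed:
            user, ip = failed.groups()
            accounts[ip].add(user)
            failures[ip] += 1
            continue
        accepted = ACCEPTED.search(line)
        if accepted:
            user, ip = accepted.groups()
            logins[ip].append(user)
    return {
        ip: {"accounts": sorted(names), "failures": failures[ip], "logins": logins[ip]}
        for ip, names in accounts.items()
        if len(names) >= min_accounts
    }

if __name__ == "__main__":
    for ip, hit in find_guessing_sources(SAMPLE_LOG).items():
        print(ip, "tried", len(hit["accounts"]), "accounts; logged in as:", hit["logins"] or "nobody")
```

A flagged source with a non-empty "logins" list deserves immediate attention, since it matches the cases above where guessing led to a compromised server.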
SOLUTIONS/RECOMMENDATIONS
In response to this, Gallantry makes the
following recommendations to help secure
your GallantWEB:
1. Use a strong password. Set the
"super" and "admin"
administrators' passwords to contain letters,
digits and special characters so they are
hard to guess. Do not use a dictionary word
or simple numbers. Please read "http://www.us-cert.gov/cas/tips/ST04-002.html"
for more guidelines about selecting strong
passwords.
2. Upgrade to the latest version.
The currently supported products use
versions 4.1 and 4.2. We encourage customers
using previous versions to upgrade. Right
now Gallantry is offering a huge discount
to upgrading customers. Please contact
us by phone at 408-369-1359 or by email
at sales@gallantry.com for details.
3. Download and apply service packs.
If you are not upgrading to the latest version,
at least download and install service packs
from the "Downloads"
area of the Gallantry Web site. Currently
available service packs are version 3.1.7
and 3.0.7. They contain many security fixes
and enhancements.
4. Block SSH access using the advanced firewall.
If you do not need remote access or troubleshooting,
you can block SSH access to your GallantWEB
by removing the "SSH" rules from
your firewall*.
- For version 3.0.x software: Go to "System
Administration - Advanced Firewall Configuration"
and delete the rule named "SSH".
- For version 3.1.x software: Go to "Service
Selection - Advanced Firewall - Firewall
Rule Management" and delete the rule
named "SSH".
- For version 4.x software: Go to "Service
Selection - Advanced Firewall - Firewall
Rule Management" and select the traffic
direction of "Internet to GallantWEB",
then delete the rule named "SSH".
*If you need SSH access,
you may customize the "SSH" firewall
rules to allow connections from only certain
IP addresses instead of deleting the "SSH"
firewall rules.
5. Scan your PCs for viruses and spyware.
Use anti-virus and anti-spyware software
to scan your PCs regularly to remove any
virus or spyware infection. It is possible
for some viruses or spyware to steal your
account names and passwords.