Secure Shell (SSH): 22

Security Weaknesses

• Vulnerable to brute force attacks targeting credentials.

• Exploitation of weak encryption ciphers.

• Risks from stolen private keys if not protected.

Security Defense and Mitigation Measures

• Enforce key-based authentication instead of passwords.

• Regularly update SSH software to patch vulnerabilities.

• Configure SSH to disable root login and enforce IP whitelisting.

• Use tools like fail2ban to limit brute-force attempts.

Indicators of Compromise or Attack

• Repeated failed login attempts in SSH logs.

• Unauthorized addition of SSH keys to authorized_keys files.

• Unexpected or unauthorized SSH sessions.