Firewalls, Port Scanning and Remote Attacks
May 18, 2012 at 5:08 pm #41891
As a seasoned IT professional, offering years of experience at the enterprise level, I cannot stress how important it is to have your computer network protected by a firewall. A firewall is a network device that is configured to block or allow traffic on your private network and acts as a doorway between your private network and the public network, also known as the Internet.

The Internet is comprised of a large number of servers owned and operated for various uses. The Internet also provides a home for those who wish to carry out malicious activities, such as seeking and exploiting personal information for financial gain, public embarrassment or just for the sheer challenge of compromising personal data and internal, personal networks.

Hackers will use port scanning software and commands and run them against your IP address. An IP address is a unique numerical value assigned to you by your Internet provider. Without an IP address, you would not be able to access the Internet or have an Internet presence. Ports are considered “little doorways” to and from your private network via the Internet. As an example, if you’re running a web server on your internal network, you would open TCP port 80 to allow all network traffic from the Internet to be received by your internal server on port 80. Another well-known port is port 22, or SSH. SSH encompasses a group of programs, which allows anyone to remotely identify users and host computers on a remote network. Allowing anyone to remotely connect to your network to identify anything is a serious problem, which could lead to further attempts to exploit personal information.

Recently, I found someone trying to remotely connect to an internal network via SSH in an attempt to gain control over the host computers. Fortunately, their attempts failed because they did not have any correct user names or passwords to continue their SSH session.
The below picture is an example of an active SSH attack and shows how the remote attacker attempted to connect remotely on three separate occasions. The firewall captured their public IP address and their failed login attempts and following the third failed attempt, their public IP address and subsequent attempts were blocked. I also proactively turned off SSH access by closing the “open doorway” and as a result, the internal network was protected from being exposed.

2012-05-11 09:53:47 alert 220.127.116.11 login Login disabled from IP 18.104.22.168 for 60 seconds because of too many bad attempts
2012-05-11 09:53:47 alert ssh(22.214.171.124) login Administrator admin login failed from ssh(126.96.36.199) because of invalid password
2012-05-11 09:53:42 alert ssh(188.8.131.52) login Administrator fluffy login failed from ssh(184.108.40.206) because of invalid user name
2012-05-11 09:53:39 alert ssh(220.127.116.11) login Administrator root login failed from ssh(18.104.22.168) because of invalid user name

At Microwize Technology, Inc., we only use and sell high-end and state-of-the-art firewall appliances. Having a maintained security appliance, such as a firewall, within your network environment is highly recommended. The small cost of a firewall can save your information from being publicly exposed, can protect the privacy of your patients and can add an additional layer of network security to your environment. Contact Microwize Technology, Inc. today at (800) 955-0321 and speak with one of our trained IT specialists. We are here to assist with discussing a Managed IT firewall and to help start protecting your private network.
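An added example, not part of the original post: a small parser for failed-login lines in the layout of the firewall log quoted above, flagging any source that reaches three failures, the count at which the post's firewall blocked the address. The sample lines and their addresses are constructed, and the 60-second counting window and the function names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the layout of the firewall log quoted in the post.
# The addresses are documentation-range placeholders, not values from the post.
SAMPLE_LOG = """\
2012-05-11 09:53:39 alert ssh(203.0.113.7) login Administrator root login failed from ssh(203.0.113.7) because of invalid user name
2012-05-11 09:53:42 alert ssh(203.0.113.7) login Administrator fluffy login failed from ssh(203.0.113.7) because of invalid user name
2012-05-11 09:53:47 alert ssh(203.0.113.7) login Administrator admin login failed from ssh(203.0.113.7) because of invalid password
2012-05-11 10:15:02 alert ssh(198.51.100.20) login Administrator admin login failed from ssh(198.51.100.20) because of invalid password
"""

FAILED = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) alert \S+ login "
    r"Administrator (?P<user>\S+) login failed from "
    r"(?P<proto>\w+)\((?P<ip>[0-9a-fA-F.:]+)\) because of (?P<reason>.+)$"
)

def parse_failures(text):
    """Yield (timestamp, source_ip, user, reason) for each failed-login line."""
    for line in text.splitlines():
        m = FAILED.match(line.strip())
        if m:  # non-matching lines (e.g. the lockout notice) are skipped
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            yield ts, m["ip"], m["user"], m["reason"]

def find_guessing_sources(text, threshold=3, window=timedelta(seconds=60)):
    """Flag sources with >= threshold failures inside window (window size is assumed)."""
    by_ip = defaultdict(list)
    for ts, ip, user, reason in sorted(parse_failures(text)):
        by_ip[ip].append((ts, user, reason))
    flagged = {}
    for ip, events in by_ip.items():
        # Slide over each run of `threshold` consecutive failures from one source.
        for i in range(len(events) - threshold + 1):
            run = events[i:i + threshold]
            if run[-1][0] - run[0][0] <= window:
                flagged[ip] = {
                    "first_seen": run[0][0],
                    "users_tried": sorted({u for _, u, _ in events}),
                    "unknown_users": sorted({u for _, u, r in events if r == "invalid user name"}),
                }
                break
    return flagged

if __name__ == "__main__":
    for ip, info in find_guessing_sources(SAMPLE_LOG).items():
        print(ip, info["first_seen"], info["users_tried"], info["unknown_users"])
```

The `unknown_users` field separates guesses at account names that do not exist from password failures against a real account, which is the more urgent signal when reviewing a flagged source.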