edubadges / audit

Code audit repo for Edubadges

SSH Server Publicly Accessible #18

Open sveeke opened 6 years ago

sveeke commented 6 years ago

The SSH port (surf-dev2.edubadges.nl) is publicly accessible which increases the attack-vector.

sveeke commented 6 years ago

threatLevel="Low" type="Insufficiently Hardened Server"

The SSH port (surf-dev2.edubadges.nl) is publicly accessible which increases the attack-vector. Good to mention is that only public key authentication is enabled.

Impact: Increases the attack vector.

Recommendation: Use an IP-whitelist to restrict access to this port.

sveeke commented 6 years ago

I'll take this one for the new environment.
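
A way to verify the recommended IP allow-list once it is in place, added here as an example and not part of the original issue or the Edubadges code: any sshd log line whose peer address falls outside the allow-list shows the port is still reachable from elsewhere. The allow-list ranges and the log lines are constructed (RFC 5737 documentation addresses), and the function name is hypothetical.

```python
import ipaddress
import re

# Assumed allow-list; documentation ranges (RFC 5737), not values from the audit.
ALLOWED = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.7/32")]

# Constructed sshd log lines in common OpenSSH message formats.
SAMPLE_LOG = """\
Mar  3 10:01:12 host sshd[811]: Accepted publickey for deploy from 203.0.113.5 port 51234 ssh2
Mar  3 10:02:40 host sshd[815]: Invalid user admin from 192.0.2.44 port 40022
Mar  3 10:02:41 host sshd[815]: Connection closed by invalid user admin 192.0.2.44 port 40022 [preauth]
Mar  3 10:05:09 host sshd[820]: Connection closed by 198.51.100.7 port 55001 [preauth]
Mar  3 10:07:30 host sshd[822]: Connection reset by 192.0.2.99 port 33000 [preauth]
"""

# The peer address is the token directly before "port <n>" in these messages.
PEER = re.compile(r"sshd\[\d+\]: .*?(\S+) port \d+")


def peers_outside_allowlist(log_text, allowed=ALLOWED):
    """Return {address: line count} for sshd peers not covered by the allow-list."""
    outside = {}
    for line in log_text.splitlines():
        m = PEER.search(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # token before "port" was not an IP address
        if not any(addr in net for net in allowed):
            outside[str(addr)] = outside.get(str(addr), 0) + 1
    return outside


if __name__ == "__main__":
    for addr, count in peers_outside_allowlist(SAMPLE_LOG).items():
        print(f"{addr}: {count} sshd log line(s) from outside the allow-list")
```

An empty result over a period in which the host was reachable is the expected state after the allow-list is enforced at the firewall; pre-authentication lines count because they show the TCP connection reached sshd.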