
How do I configure Cisco ASA 5500 for just a few IP addresses?

Asked by chaseivey
Tags: Cisco, Linux Networking, MySQL Server

Hello,

I am BRAND new to firewalls and I'm getting spooked!
My server sends me a logwatch every day that shows over a hundred hacking attempts.

I am running MySQL server on a Linux CentOS with Apache. All connections are password-protected.
I also have a Cisco ASA 5500 external firewall configured with what I assume is a decent default policy.
I guess I need to have someone look at my policy to see if I have any gross vulnerabilities.

If these hacking attempts are really a threat at this point, then I suppose I need to ONLY allow SSH access from a handful of IPs (ones that I personally use).  As such, I would need someone to show me how to do that as well. Although I'm not sure how great of an idea that would be (what if my comp gets stolen or lost?) :(

I may be WAY overthinking this, but I'm storing sensitive info on my server and I can't afford a security breach. The sensitive data is actually stored in a MySQL database, so I'm not sure if this is a firewall issue or a MySQL security issue. Nothing has happened yet, but these 'logwatches' are really freakin me out!

Any help or direction would be appreciated.
BTW, I connect to my firewall using ASDM.

Attached is the last 'logwatch' I received
--------------------- pam_unix Begin ------------------------

sshd:
    Authentication Failures:
      root (sd-29897.dedibox.fr): 108 Time(s)
      unknown (sd-29897.dedibox.fr): 95 Time(s)
      root (202.205.176.115): 15 Time(s)
      postgres (sd-29897.dedibox.fr): 3 Time(s)
      mysql (sd-29897.dedibox.fr): 2 Time(s)
      unknown (202.205.176.115): 2 Time(s)
      postgres (202.205.176.115): 1 Time(s)
      root (118.126.14.158): 1 Time(s)
    Invalid Users:
      Unknown Account: 97 Time(s)


---------------------- pam_unix End -------------------------


--------------------- SSHD Begin ------------------------


Failed logins from:
    88.190.23.184 (sd-29897.dedibox.fr): 113 times
    118.126.14.158: 1 time
    202.205.176.115: 16 times

Illegal users from:
    88.190.23.184 (sd-29897.dedibox.fr): 95 times
    202.205.176.115: 2 times


Received disconnect:
    11: Bye Bye : 18 Time(s)

**Unmatched Entries**
pam_succeed_if(sshd:auth): error retrieving information about user ryan : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user stephanie : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user mike : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user johnson : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user music : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user adam : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user ina : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user alex : 4 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user test : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user webmaster : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user oracle : 10 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user angie : 2 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user nagios : 12 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user visitor : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user ice : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user shoutcast : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user demo : 3 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user media : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user michael : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user bill : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user user1 : 3 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user jacob : 3 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user web : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user lala : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user mythtv : 2 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user build : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user testftp : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user svn : 2 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user fax : 2 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user corrine : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user tv : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user ftp1 : 5 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user tomcat : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user ttt : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user zabbix : 2 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user max : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user user : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user jim : 2 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user weblogic : 2 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user contact : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user public : 2 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user aaa : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user amanda : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user usuario : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user ts : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user master : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user office : 2 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user gnax : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user deploy : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user upload : 6 time(s)

---------------------- SSHD End -------------------------

-------------------------


###################### Logwatch End #########################
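
An added example, not part of the original post: a Python parser for the SSHD section of a logwatch report like the one attached above, tallying failed logins and invalid-user attempts per source address. The function names and the threshold of 10 are assumptions chosen for illustration; the sample text is copied from the report above.

```python
import re
from collections import defaultdict

# Sample input: the two per-source blocks from the logwatch report above.
SAMPLE = """\
Failed logins from:
    88.190.23.184 (sd-29897.dedibox.fr): 113 times
    118.126.14.158: 1 time
    202.205.176.115: 16 times

Illegal users from:
    88.190.23.184 (sd-29897.dedibox.fr): 95 times
    202.205.176.115: 2 times
"""

HEADER = re.compile(r"^(Failed logins|Illegal users) from:\s*$")
# Indented entry: IPv4, optional "(reverse DNS name)", then a count.
ENTRY = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})(?: \(([^)]*)\))?: (\d+) times?\s*$")

def parse_sshd_sources(text):
    """Return {ip: {"host": name or None, "failed": n, "illegal": n}}."""
    sources = defaultdict(lambda: {"host": None, "failed": 0, "illegal": 0})
    section = None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            section = "failed" if header.group(1) == "Failed logins" else "illegal"
            continue
        entry = ENTRY.match(line)
        if entry and section:
            ip, host, count = entry.group(1), entry.group(2), int(entry.group(3))
            sources[ip][section] += count
            sources[ip]["host"] = host or sources[ip]["host"]
        elif line.strip() and not line[0].isspace():
            section = None  # any other unindented line ends the current block
    return dict(sources)

def noisy_sources(sources, threshold=10):
    """Sources whose failed-login count meets the threshold, worst first."""
    hits = [(ip, s["failed"]) for ip, s in sources.items() if s["failed"] >= threshold]
    return sorted(hits, key=lambda item: -item[1])

if __name__ == "__main__":
    parsed = parse_sshd_sources(SAMPLE)
    for ip, failed in noisy_sources(parsed):
        info = parsed[ip]
        print(f"{ip:16} failed={failed:4} illegal={info['illegal']:4} host={info['host']}")
```

On this report, two addresses account for 129 of the 130 failed logins, which is the pattern the question describes.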


ASKER CERTIFIED SOLUTION
alexjfisher
