In the current post-pandemic era, many companies have begun letting employees work remotely [1], so more and more software engineers connect directly to servers over SSH to develop software or test products. This also means that many employees, as long as they have a server's IP and password, can connect to the server at will and access any file on it, and can easily photograph important documents at home. Once an attacker obtains the server's IP and password, the files on the server are very likely to be encrypted by ransomware, and the infected computer may also have the passwords of other internal computers stolen by spyware, causing serious data leakage. Moreover, a remote user may first connect to a jump host and then to the target server, but this means the target server only knows that the source is the jump host, without knowing whether the jump host's own source is an external remote user or an internal user; the remote user can also access sensitive data through the jump host. To solve these SSH connection security problems, this paper, building on the RFAP architecture, implements in the Linux operating system a more secure system, A System That Automatically Limits User Account Privileges Based on Users' Locations (SALUAP), which examines the information in the TCP header and decides from the user's location whether access privileges need to be granted. When a remote user connects to the target server through the jump host, the user is restricted, but if the jump host is used from within the company to connect to the target server, there is no restriction. This means the system only restricts external IPs: the target server can tell whether the user reached it from an external computer through the jump host, or simply hopped from the jump host into the target server. This design leaves the normal operation of the internal network unaffected while strengthening the security mechanism for connections entering the system from outside; the system can no longer be exploited by remote users for ransomware encryption, and even if spyware steals the passwords of other internal computers, logging into those internal machines still gives no access to sensitive data.

In the post-pandemic era, many companies have begun allowing employees to work remotely. As a result, an increasing number of software engineers directly access servers via SSH for software development or product testing. This means that employees can easily connect to servers and access any files on them with just the server's IP and password. It also implies that important documents can be easily photographed at home. If an attacker obtains the server's IP and password, the files on the server are highly likely to be encrypted by ransomware. Infected computers could also have passwords for other internal computers stolen by spyware, leading to severe data leakage. Remote users may connect to a target server through a jump server, which means the target server only knows the source is the jump server but not whether the jump server's source is an external remote user or an internal user. Remote users can access sensitive files through the jump server. To address these SSH connection security issues, this paper builds upon the RFAP architecture and implements a more secure system in the Linux operating system: A System That Automatically Limits User Account Privileges Based on Users' Locations (SALUAP). By analyzing the TCP header information, the system can determine the user's location and decide whether to grant access privileges. When remote users connect to the target server via a jump server, they will face restrictions. However, if they use the jump server from within the company to connect to the target server, they will not be restricted. This means the system only restricts external IPs, allowing the target server to distinguish between external computers connecting through the jump server and straightforward connections from the jump server to the target server. This design ensures that the normal operation of the internal network is not affected while enhancing the security mechanisms for external connections. Consequently, the system is no longer vulnerable to ransomware encryption by remote users. Even if spyware steals passwords for other internal computers, logging into other internal machines will not grant access to sensitive files.