Thanks to the end-of-term for many colleges and some K12 schools, brute-force attacks against SSH servers surged sharply this past weekend, according to the SANS Internet Storm Center. The sudden jump in SSH attacks merits a re-examination of how such servers should be properly secured. Jim Owens and Jeanna Matthews of the Department of Computer Science at Clarkson University have published a paper on the methods that such attacks frequently employ and on the best ways to defeat them. Brute-force attacks gets a lot of attention in the press but do we really need to study it? Yes, with botnet and more powerful computers it makes brute-force attacks more affective. However, if users use strong passwords then the likely hood that they will be hacked by this type of attack goes down drastically.

The link for this article located at arstechnica.com is no longer available.