b'Webwaves Webwavespublic and private key pairs. Here,coupled with MFA, can provide an easier the user shares a public key with theand more secure way to manage online remote machine and authentication iscredentials.performed with the private key which is safely stored by the user. Secure shellDoS and DDoSonly uses the keys for authentication and not for the encryption of theA DoS attack (denial-of-service attack) connection. The SSH protocol canis a malicious cyber-attack designed to also be used for file transfer usingrender a machine or network resource mechanisms such as SCP (secure copy)unavailable to intended users. There are or SFTP (SSH file transfer protocol).two basic forms of attack: crashing or Secure shell is a common way offlooding. A machine could be crashed authenticating with remote servers andusing buffer overflow through an attack Ian James VMs (virtual machines). using all of an available resource, such ASEG Webmaster as memory. A flood attack is where the webmaster@aseg.org.au target is overwhelmed by needless SSO / MFA requests, saturating bandwidth and Previous Webwaves posts have discussedpreventing access. A distributed denial A look at some IT initialisms password security. MFA (multifactorof service attack (DDoS attack) is where This month in Webwaves we are lookingauthentication) and SSO (single signmultiple sources are used for the attack. at some common IT initialisms and theiron) are two strategies that can be usedFor example, a number of malware meanings. As with previous Webwavesto simplify your online security. MFA isinfected computers being used to columns, security is the main course, witha methodology for securing accountsoverwhelm infrastructure. In August a side of software. by requiring an additional form of2020, the New Zealand stock exchange verification. MFA has been widelywas the victim of multiple days of DDoS adopted by Australian banks, throughattacks, resulting in the closure of the SSH the use of a physical hardware tokenexchange.or SMS prior to approving transactions. Secure shell (SSH) is a secure protocolThis improves security by requiringOSS/FOSSfor communicating with remote serverssomething you have (phone/token) and was designed as a replacement forin addition to something you knowOpen source software is a broad term Telnet and remote shell (rsh). Secure(password). Single sign on is the usecovering non-proprietary software. Open shell uses symmetric cryptography toof a single login for multiple services.source software has the source code establish a secure connection betweenSeveral of the FAANG companies offerreleased under a licence granting users two points then supports a variety ofSSO, with the ability to use a single loginwide ranging rights use of the software. authentication mechanisms, includingacross multiple services. Single sign onCommon licences can be found listed asymmetric cryptography by way ofreduces password fatigue, and, whenat opensource.org (https://opensource.Figure 1.(public_keypng). Credit to xkcd https://xkcd.com/1553/OCTOBER 2020 PREVIEW 36'