IT
Uploaded byInformation Technology
PPT, PDF7,973 views

Linux Operating System Vulnerabilities

The document discusses vulnerabilities in the Linux operating system and countermeasures to protect Linux systems from remote attacks. It describes how attackers can use tools like Nessus to discover vulnerabilities, deploy trojan programs, and create buffer overflows. It also provides recommendations for system administrators, including keeping systems updated with the latest patches, using rootkit detectors, and training users to avoid social engineering attacks.

Embed presentation

Downloaded 278 times
Hands-On Ethical Hacking and Network Defense Chapter 9 Linux Operating System Vulnerabilities
Objectives Describe the fundamentals of the Linux operating system Describe the vulnerabilities of the Linux operating system Describe Linux remote attacks Explain countermeasures for protecting the Linux operating system
Review of Linux Fundamentals Linux is a version of UNIX Usually available free Red Hat Includes documentation and support for a fee Linux creates default directories
Linux Exploration Demo See link Ch 9b
Linux File System Provides directory structure Establishes a file-naming convention Includes utilities to compress or encrypt files Provides for both file and data integrity Enables error recovery Stores information about files and folders *NIX systems store information about files in information nodes (inodes)
inodes Information stored in an inode An inode number Owner of the file Group the file belongs to Size of the file Date the file was created Date the file was last modified or read There is a fixed number of inodes By default, one inode per 4 KB of disk space
Mounting In Windows, each device has a letter A: for floppy, C: for hard disk, and so on *NIX mounts a file system (usually a drive) as a subfile system of the root file system / mount command is used to mount file systems or to display currently mounted file systems df command displays disk usage of mounted file systems
mount and df in Ubuntu
*NIX File System History Minix file system Max. size 64 MB, Max. file name 14 chars Extended File System (Ext) Max. size 2 GB, Max. file name 256 chars Second Extended File System (Ext2fs) Max. size 4 TB, better performance and stability Third Extended File System (Ext3fs) Journaling—recovers from crashes better
Linux Commands
Getting Help Many of these commands have multiple parameters and additional functionality Use these commands to get help. (Replace command with the command you want help with, such as ifconfig ) command --help man command
Linux OS Vulnerabilities UNIX has been around for quite some time Attackers have had plenty of time to discover vulnerabilities in *NIX systems Enumeration tools can also be used against Linux systems Nessus can be used to enumerate Linux systems
Nessus Scanning a Linux Server
Linux OS Vulnerabilities (continued) Nessus can be used to Discover vulnerabilities related to SMB and NetBIOS Discover other vulnerabilities Enumerate shared resources
Linux OS Vulnerabilities (continued) Test Linux computer against common known vulnerabilities Review the CVE and CAN information See links Ch 9m, n, o
Remote Access Attacks on Linux Systems Differentiate between local attacks and remote attacks Remote attacks are harder to perform Attacking a network remotely requires Knowing what system a remote user is operating The attacked system’s password and login accounts
Footprinting an Attacked System Footprinting techniques Used to find out information about a target system Determining the OS version the attacked computer is running Check newsgroups for details on posted messages Knowing a company’s e-mail address makes the search easier
Other Footprinting Tools Whois databases DNS zone transfers Nessus Port scanning tools
Using Social Engineering to Attack Remote Linux Systems Goal To get OS information from company employees Common techniques Urgency Quid pro quo Status quo Kindness Position Train your employees about social engineering techniques
Trojans Trojan programs spread as E-mail attachments Fake patches or security fixes that can be downloaded from the Internet Trojan program functions Allow for remote administration Create a FTP server on attacked machine Steal passwords Log all keys a user enters, and e-mail results to the attacker
Trojans Trojan programs can use legitimate outbound ports Firewalls and IDSs cannot identify this traffic as malicious Example: Sheepshank uses HTTP GETs It is easier to protect systems from already identified Trojan programs See links Ch 9e, f, g
Installing Trojan Programs (continued) Rootkits Contain Trojan binary programs ready to be installed by an intruder with root access to the system Replace legitimate commands with Trojan programs Hides the tools used for later attacks Example: LRK5
LRK5 See Links Ch 9h, i, j
Rootkit Detectors Security testers should check their Linux systems for rootkits Rootkit Hunter (Link Ch 9l) Chkrootkit (Link Ch 9l) Rootkit Profiler (Link Ch 9k)
Demonstration of rkhunter sudo apt-get install rkhunter sudo rkhunter -c
Creating Buffer Overflow Programs Buffer overflows write code to the OS’s memory Then run some type of program Can elevate the attacker’s permissions to the level of the owner Security testers should know what a buffer overflow program looks like
Creating Buffer Overflow Programs (continued) A C program that causes a buffer overflow
Creating Buffer Overflow Programs (continued) The program compiles, but returns the following error
Creating Buffer Overflow Programs (continued) A C code snippet that fills the stack with shell code
Avoiding Buffer Overflows Write code that avoids functions known to have buffer overflow vulnerabilities strcpy() strcat() sprintf() gets() Configure OS to not allow code in the stack to run any other executable code in the stack Some compilers like gcc warn programmers when dangerous functions are used
Using Sniffers to Gain Access to Remote Linux Systems Sniffers work by setting a network card adapter in promiscuous mode NIC accepts all packets that traverse the network cable Attacker can analyze packets and learn user names and passwords Avoid using protocols such as Telnet, HTTP, and FTP that send data in clear text Sniffers Tcpdump, Ethereal (now Wireshark)
Countermeasures Against Linux Remote Attacks Measures include User awareness training Keeping current on new kernel releases and security updates
User Awareness Training Social Engineering Users must be told not to reveal information to outsiders Make customers aware that many exploits can be downloaded from Web sites Teach users to be suspicious of people asking questions about the system they are using Verify caller’s identity Call back technique
Keeping Current Never-ending battle New vulnerabilities are discovered daily New patches are issued to fix new vulnerabilities Installing these fixes is essential to protecting your system Many OSs are shipped with automated tools for updating your systems
Linux Operating System Vulnerabilities
Linux Operating System Vulnerabilities

More Related Content

PPTX
Scanning and Enumeration in Cyber Security.pptx
byMahdiHasanSowrav
 
PPT
IDS and IPS
bySantosh Khadsare
 
PDF
Ch 11: Hacking Wireless Networks
bySam Bowne
 
PPTX
Types of attacks
byVivek Gandhi
 
PPTX
Cyber Threat Intelligence.pptx
byAbimbolaFisher1
 
PPTX
Advanced persistent threat (apt)
bymmubashirkhan
 
PPTX
Cia security model
byImran Ahmed
 
PPT
Proxy Servers
bySourav Roy
 
Scanning and Enumeration in Cyber Security.pptx
byMahdiHasanSowrav
 
IDS and IPS
bySantosh Khadsare
 
Ch 11: Hacking Wireless Networks
bySam Bowne
 
Types of attacks
byVivek Gandhi
 
Cyber Threat Intelligence.pptx
byAbimbolaFisher1
 
Advanced persistent threat (apt)
bymmubashirkhan
 
Cia security model
byImran Ahmed
 
Proxy Servers
bySourav Roy
 

What's hot

PDF
Network Security Fundamentals
byRahmat Suhatman
 
PPTX
Network security
bySimranpreet Singh
 
PPTX
What is Cryptography and Types of attacks in it
bylavakumar Thatisetti
 
PPTX
IP Spoofing
byAkmal Hussain
 
PPTX
Network forensics and investigating logs
byanilinvns
 
PDF
Threat Hunting
bySplunk
 
PPTX
Splunk Overview
bySplunk
 
PPTX
Introduction to information security
byjayashri kolekar
 
PPT
Reconnaissance & Scanning
byamiable_indian
 
PDF
Cyber threat intelligence ppt
byKumar Gaurav
 
PDF
MITRE ATT&CK Framework
byn|u - The Open Security Community
 
PPSX
Intrusion detection system
bygaurav koriya
 
PDF
Fundamentals of IoT Security
bySHAAMILIVARSAGV
 
PDF
Penetration testing & Ethical Hacking
byS.E. CTS CERT-GOV-MD
 
PPTX
Cloud Computing Security
byNinh Nguyen
 
PPTX
Data Acquisition
byprimeteacher32
 
PPT
Intrusion detection system ppt
bySheetal Verma
 
PPTX
DVWA(Damn Vulnerabilities Web Application)
bySoham Kansodaria
 
PPTX
What is Penetration Testing?
bybtpsec
 
PDF
Nmap basics
byitmind4u
 
Network Security Fundamentals
byRahmat Suhatman
 
Network security
bySimranpreet Singh
 
What is Cryptography and Types of attacks in it
bylavakumar Thatisetti
 
IP Spoofing
byAkmal Hussain
 
Network forensics and investigating logs
byanilinvns
 
Threat Hunting
bySplunk
 
Splunk Overview
bySplunk
 
Introduction to information security
byjayashri kolekar
 
Reconnaissance & Scanning
byamiable_indian
 
Cyber threat intelligence ppt
byKumar Gaurav
 
MITRE ATT&CK Framework
byn|u - The Open Security Community
 
Intrusion detection system
bygaurav koriya
 
Fundamentals of IoT Security
bySHAAMILIVARSAGV
 
Penetration testing & Ethical Hacking
byS.E. CTS CERT-GOV-MD
 
Cloud Computing Security
byNinh Nguyen
 
Data Acquisition
byprimeteacher32
 
Intrusion detection system ppt
bySheetal Verma
 
DVWA(Damn Vulnerabilities Web Application)
bySoham Kansodaria
 
What is Penetration Testing?
bybtpsec
 
Nmap basics
byitmind4u
 

Viewers also liked

PPT
Security and Linux Security
byRizky Ariestiyansyah
 
PPT
Threats, Vulnerabilities & Security measures in Linux
byAmitesh Bharti
 
PPTX
Linux fundamentals
byRaghu nath
 
PPT
Operating system vulnerability and control
byأحلام انصارى
 
PDF
Linux Hardening
byMichael Boelen
 
PPT
Basic Linux Security
bypankaj009
 
PPT
Linux Vulnerabilities
bySecurityTube.Net
 
PPTX
Linux security introduction
byMohamed Gad
 
PPT
8.1.intro unix
bysouthees
 
PPT
Linux training
byParker Fong
 
PDF
linux os-basics,Devops training in Hyderabad
byDevops Trainer
 
PPT
Linux fundamentals Training
byLove Steven
 
PDF
Linux Fundamental
byGong Haibing
 
PPTX
Linux Security Overview
byKernel TLV
 
PDF
Linux fundamentals commands
bySau Putt
 
PPT
intro unix/linux 03
byduquoi
 
PPS
Ch04 slide
byAriya Thong-o
 
PDF
Linux security (outline)
byR.Harish Navnit
 
PDF
Security & Cryptography In Linux
byAhmed Mekkawy
 
PDF
Operating systems security 2007 vulnerability report
byAjit Gaddam
 
Security and Linux Security
byRizky Ariestiyansyah
 
Threats, Vulnerabilities & Security measures in Linux
byAmitesh Bharti
 
Linux fundamentals
byRaghu nath
 
Operating system vulnerability and control
byأحلام انصارى
 
Linux Hardening
byMichael Boelen
 
Basic Linux Security
bypankaj009
 
Linux Vulnerabilities
bySecurityTube.Net
 
Linux security introduction
byMohamed Gad
 
8.1.intro unix
bysouthees
 
Linux training
byParker Fong
 
linux os-basics,Devops training in Hyderabad
byDevops Trainer
 
Linux fundamentals Training
byLove Steven
 
Linux Fundamental
byGong Haibing
 
Linux Security Overview
byKernel TLV
 
Linux fundamentals commands
bySau Putt
 
intro unix/linux 03
byduquoi
 
Ch04 slide
byAriya Thong-o
 
Linux security (outline)
byR.Harish Navnit
 
Security & Cryptography In Linux
byAhmed Mekkawy
 
Operating systems security 2007 vulnerability report
byAjit Gaddam
 

Similar to Linux Operating System Vulnerabilities

PDF
Linux Internals - Part I
byEmertxe Information Technologies Pvt Ltd
 
PPTX
Linux Presentation
byMuhammad Qazi
 
PPTX
Ethical hacking Chapter 9 - Linux Vulnerabilities - Eric Vanderburg
byEric Vanderburg
 
PPT
linux system and network administrations
byhaile468688
 
PDF
Module 4.pdf Network security Linux Overview
byhoangvttlu
 
PPTX
linux _________________________v1.2.pptx
bysohamkolha
 
PPTX
Module Security education_4_Linux_Overview.pptx
byheruwanto4
 
PPT
Chapter09 -- networking with unix and linux
byRaja Waseem Akhtar
 
PDF
Linux Presentation_SSD.pdf
byssuser37b0e0
 
PDF
Administer and Secure Enterprise Linux 2021st Edition Russell Overton
byzondahoyes75
 
PDF
Linux: Everyting-as-a-service
byRohit Sansiya
 
PDF
Administer and Secure Enterprise Linux 2021st Edition Russell Overton
byanibeakatira
 
DOCX
Linux Operating SystemMigration ProposalCMIT 391 - Section .docx
bywashingtonrosy
 
PPTX
prateekporwal
byprateekporwal
 
PDF
Ceh v5 module 18 linux hacking
byVi Tính Hoàng Nam
 
PPT
Ch01
byMike Qaissaunee
 
PPTX
Network_lecture_for_students_whom_intersted.pptx
byIslamReda28
 
PPTX
Linux remote
byyarden hanan
 
ODP
Security, Hack1ng and Hardening on Linux - an Overview
byKaiwan Billimoria
 
PPTX
LinuxTraining_3.pptx
byeyob51
 
Linux Internals - Part I
byEmertxe Information Technologies Pvt Ltd
 
Linux Presentation
byMuhammad Qazi
 
Ethical hacking Chapter 9 - Linux Vulnerabilities - Eric Vanderburg
byEric Vanderburg
 
linux system and network administrations
byhaile468688
 
Module 4.pdf Network security Linux Overview
byhoangvttlu
 
linux _________________________v1.2.pptx
bysohamkolha
 
Module Security education_4_Linux_Overview.pptx
byheruwanto4
 
Chapter09 -- networking with unix and linux
byRaja Waseem Akhtar
 
Linux Presentation_SSD.pdf
byssuser37b0e0
 
Administer and Secure Enterprise Linux 2021st Edition Russell Overton
byzondahoyes75
 
Linux: Everyting-as-a-service
byRohit Sansiya
 
Administer and Secure Enterprise Linux 2021st Edition Russell Overton
byanibeakatira
 
Linux Operating SystemMigration ProposalCMIT 391 - Section .docx
bywashingtonrosy
 
prateekporwal
byprateekporwal
 
Ceh v5 module 18 linux hacking
byVi Tính Hoàng Nam
 
Ch01
byMike Qaissaunee
 
Network_lecture_for_students_whom_intersted.pptx
byIslamReda28
 
Linux remote
byyarden hanan
 
Security, Hack1ng and Hardening on Linux - an Overview
byKaiwan Billimoria
 
LinuxTraining_3.pptx
byeyob51
 

More from Information Technology

PPT
Web Hacking
byInformation Technology
 
PPT
Clustering and High Availability
byInformation Technology
 
PPT
SAN
byInformation Technology
 
PPT
SharePoint Topology
byInformation Technology
 
PPT
Microsoft Clustering
byInformation Technology
 
PPT
RAID Review
byInformation Technology
 
PPT
MOSS 2007 Deployment Fundamentals -Part2
byInformation Technology
 
PPT
SAN Review
byInformation Technology
 
PPT
Migration from ASP to ASP.NET
byInformation Technology
 
PPT
IIS 7: The Administrator’s Guide
byInformation Technology
 
PPT
WSS 3.0 & SharePoint 2007
byInformation Technology
 
PDF
F5 beyond load balancer (nov 2009)
byInformation Technology
 
PPT
Review of SQL
byInformation Technology
 
PDF
Scalable Internet Servers and Load Balancing
byInformation Technology
 
PDF
Sql Server Security Best Practices
byInformation Technology
 
PPT
MOSS 2007 Deployment Fundamentals -Part1
byInformation Technology
 
PPT
SQL 2005 Disk IO Performance
byInformation Technology
 
PPT
Sql 2005 high availability
byInformation Technology
 
PDF
Sharepoint Deployments
byInformation Technology
 
PPTX
Web303
byInformation Technology
 
Web Hacking
byInformation Technology
 
Clustering and High Availability
byInformation Technology
 
SAN
byInformation Technology
 
SharePoint Topology
byInformation Technology
 
Microsoft Clustering
byInformation Technology
 
RAID Review
byInformation Technology
 
MOSS 2007 Deployment Fundamentals -Part2
byInformation Technology
 
SAN Review
byInformation Technology
 
Migration from ASP to ASP.NET
byInformation Technology
 
IIS 7: The Administrator’s Guide
byInformation Technology
 
WSS 3.0 & SharePoint 2007
byInformation Technology
 
F5 beyond load balancer (nov 2009)
byInformation Technology
 
Review of SQL
byInformation Technology
 
Scalable Internet Servers and Load Balancing
byInformation Technology
 
Sql Server Security Best Practices
byInformation Technology
 
MOSS 2007 Deployment Fundamentals -Part1
byInformation Technology
 
SQL 2005 Disk IO Performance
byInformation Technology
 
Sql 2005 high availability
byInformation Technology
 
Sharepoint Deployments
byInformation Technology
 
Web303
byInformation Technology
 

Recently uploaded

PPTX
GROWTH & DEVELOPMENT MILESTONES (INFANTS).pptx
byAneetaSharma15
 
PPTX
TAMIS & TEMS - HOW, WHY and THE STEPS IN PROCTOLOGY
byJohn Thanakumar
 
PDF
The voice of the rain poem class 11th.pdf
byReeta Baral
 
PPTX
ATTENTION -PART 2.pptx Shilpa Hotakar for I semester BSc students
bySHILPA HOTAKAR
 
PDF
Introduction to Descriptive Statistics.pdf
byThelma Villaflores
 
PDF
Environmental Studies Module 2 BBA,BCCA Sem 1 NEP.pdf
byJayanti Pande
 
PDF
Environmental Studies Module 4 BBA,BCCA Sem 1 NEP.pdf
byJayanti Pande
 
PPTX
Growth & Development MILESTONES (ADOLESCENTS ).pptx
byAneetaSharma15
 
PPTX
Expected Revenue Report In Odoo 18 CRM
byCeline George
 
PPTX
PARENTAL ROUTES OF DRUGS ADMINISTRATION .pptx
byAneetaSharma15
 
PDF
Comprehensive Principles, Design Techniques, and Applications of Electronic O...
byGS Virdi
 
PDF
Advanced Process Flow and Micromachining Techniques for MEMS Fabrication: A D...
byGS Virdi
 
PDF
Cultivating Greatness Pune's Best Preschools and Schools.pdf
byWellington College
 
PPTX
Steve Hale - Developing Elite Young Goalkeepers 2024.pptx
bypjmfd
 
PPTX
Coefficient of Multiple Correlation - R₁.₂₃, R₂.₁₃ & R₃.₁₂
bySundar B N
 
PPTX
Partial Correlation of Coefficient - Values of r₁₂.₃, r₂₃.₁ & r₁₃.₂
bySundar B N
 
PDF
Environmental Studies Module 1 BBA,BCCA Sem 1 NEP.pdf
byJayanti Pande
 
PPTX
Industrial production, estimation and utilization of the following phytoconst...
byD. Y. Patil College of Pharmacy, Kolhapur.
 
PPTX
B. Pharmacy Unit-3 (Fats and Oils Reaction and Analytical Constant)
bySandeshSul
 
PPTX
Isolation, Identification and Analysis of phytoconstituents.
byD. Y. Patil College of Pharmacy, Kolhapur.
 
GROWTH & DEVELOPMENT MILESTONES (INFANTS).pptx
byAneetaSharma15
 
TAMIS & TEMS - HOW, WHY and THE STEPS IN PROCTOLOGY
byJohn Thanakumar
 
The voice of the rain poem class 11th.pdf
byReeta Baral
 
ATTENTION -PART 2.pptx Shilpa Hotakar for I semester BSc students
bySHILPA HOTAKAR
 
Introduction to Descriptive Statistics.pdf
byThelma Villaflores
 
Environmental Studies Module 2 BBA,BCCA Sem 1 NEP.pdf
byJayanti Pande
 
Environmental Studies Module 4 BBA,BCCA Sem 1 NEP.pdf
byJayanti Pande
 
Growth & Development MILESTONES (ADOLESCENTS ).pptx
byAneetaSharma15
 
Expected Revenue Report In Odoo 18 CRM
byCeline George
 
PARENTAL ROUTES OF DRUGS ADMINISTRATION .pptx
byAneetaSharma15
 
Comprehensive Principles, Design Techniques, and Applications of Electronic O...
byGS Virdi
 
Advanced Process Flow and Micromachining Techniques for MEMS Fabrication: A D...
byGS Virdi
 
Cultivating Greatness Pune's Best Preschools and Schools.pdf
byWellington College
 
Steve Hale - Developing Elite Young Goalkeepers 2024.pptx
bypjmfd
 
Coefficient of Multiple Correlation - R₁.₂₃, R₂.₁₃ & R₃.₁₂
bySundar B N
 
Partial Correlation of Coefficient - Values of r₁₂.₃, r₂₃.₁ & r₁₃.₂
bySundar B N
 
Environmental Studies Module 1 BBA,BCCA Sem 1 NEP.pdf
byJayanti Pande
 
Industrial production, estimation and utilization of the following phytoconst...
byD. Y. Patil College of Pharmacy, Kolhapur.
 
B. Pharmacy Unit-3 (Fats and Oils Reaction and Analytical Constant)
bySandeshSul
 
Isolation, Identification and Analysis of phytoconstituents.
byD. Y. Patil College of Pharmacy, Kolhapur.
 
In this document
Powered by AI
See More

Introduction to chapter on Linux vulnerabilities focuses on outlining Linux fundamentals.

Explains the goals of the chapter including understanding Linux fundamentals, vulnerabilities, remote attacks, and protective measures.

Provides a review of Linux basics including its origins from UNIX and documentation provided by distributions like Red Hat.

Details Linux file system structure, naming conventions, and features such as file integrity and error recovery.

Explains inodes structure, their metadata including file size, ownership, and limitations on inode numbers.

Discusses how file systems are mounted in Linux compared to Windows, including commands like mount and df.

Reviews history of various file systems in Linux and improvements in size and performance with each evolution.

Outlines essential Linux commands for users, including help commands for better understanding of functionalities.

Examines discoveries of vulnerabilities in Linux, utilization of tools like Nessus for system enumeration, and reviewing CVE data.

Differentiates local vs. remote attacks, introduces footprinting techniques to gather information about target systems.

Discusses social engineering strategies targeting employees to extract OS information and suggests training for countermeasures.

Describes how Trojan programs operate, their stealthy nature, and gives an example of Trojan program behavior.

Details about rootkits and Trojan installation methods, along with recommended detection tools like rkhunter.

Explains the concept of buffer overflows, their implications for security, and coding practices to prevent such vulnerabilities.

Explains how sniffers function in network monitoring, the risks of plaintext protocol use, and examples of such tools.

Recommends proactive measures for Linux users including training on social engineering and updating security patches.

Linux Operating System Vulnerabilities

  • 1.
    Hands-On Ethical Hackingand Network Defense Chapter 9 Linux Operating System Vulnerabilities
  • 2.
    Objectives Describe thefundamentals of the Linux operating system Describe the vulnerabilities of the Linux operating system Describe Linux remote attacks Explain countermeasures for protecting the Linux operating system
  • 3.
    Review of LinuxFundamentals Linux is a version of UNIX Usually available free Red Hat Includes documentation and support for a fee Linux creates default directories
  • 6.
    Linux Exploration DemoSee link Ch 9b
  • 7.
    Linux File SystemProvides directory structure Establishes a file-naming convention Includes utilities to compress or encrypt files Provides for both file and data integrity Enables error recovery Stores information about files and folders *NIX systems store information about files in information nodes (inodes)
  • 8.
    inodes Information storedin an inode An inode number Owner of the file Group the file belongs to Size of the file Date the file was created Date the file was last modified or read There is a fixed number of inodes By default, one inode per 4 KB of disk space
  • 9.
    Mounting InWindows, each device has a letter A: for floppy, C: for hard disk, and so on *NIX mounts a file system (usually a drive) as a subfile system of the root file system / mount command is used to mount file systems or to display currently mounted file systems df command displays disk usage of mounted file systems
  • 10.
    mount and dfin Ubuntu
  • 11.
    *NIX File SystemHistory Minix file system Max. size 64 MB, Max. file name 14 chars Extended File System (Ext) Max. size 2 GB, Max. file name 256 chars Second Extended File System (Ext2fs) Max. size 4 TB, better performance and stability Third Extended File System (Ext3fs) Journaling—recovers from crashes better
  • 12.
  • 14.
    Getting Help Manyof these commands have multiple parameters and additional functionality Use these commands to get help. (Replace command with the command you want help with, such as ifconfig ) command --help man command
  • 15.
    Linux OS VulnerabilitiesUNIX has been around for quite some time Attackers have had plenty of time to discover vulnerabilities in *NIX systems Enumeration tools can also be used against Linux systems Nessus can be used to enumerate Linux systems
  • 16.
    Nessus Scanning aLinux Server
  • 17.
    Linux OS Vulnerabilities(continued) Nessus can be used to Discover vulnerabilities related to SMB and NetBIOS Discover other vulnerabilities Enumerate shared resources
  • 18.
    Linux OS Vulnerabilities(continued) Test Linux computer against common known vulnerabilities Review the CVE and CAN information See links Ch 9m, n, o
  • 20.
    Remote Access Attackson Linux Systems Differentiate between local attacks and remote attacks Remote attacks are harder to perform Attacking a network remotely requires Knowing what system a remote user is operating The attacked system’s password and login accounts
  • 21.
    Footprinting an AttackedSystem Footprinting techniques Used to find out information about a target system Determining the OS version the attacked computer is running Check newsgroups for details on posted messages Knowing a company’s e-mail address makes the search easier
  • 22.
    Other Footprinting ToolsWhois databases DNS zone transfers Nessus Port scanning tools
  • 23.
    Using Social Engineeringto Attack Remote Linux Systems Goal To get OS information from company employees Common techniques Urgency Quid pro quo Status quo Kindness Position Train your employees about social engineering techniques
  • 24.
    Trojans Trojan programsspread as E-mail attachments Fake patches or security fixes that can be downloaded from the Internet Trojan program functions Allow for remote administration Create a FTP server on attacked machine Steal passwords Log all keys a user enters, and e-mail results to the attacker
  • 25.
    Trojans Trojan programscan use legitimate outbound ports Firewalls and IDSs cannot identify this traffic as malicious Example: Sheepshank uses HTTP GETs It is easier to protect systems from already identified Trojan programs See links Ch 9e, f, g
  • 26.
    Installing Trojan Programs(continued) Rootkits Contain Trojan binary programs ready to be installed by an intruder with root access to the system Replace legitimate commands with Trojan programs Hides the tools used for later attacks Example: LRK5
  • 27.
    LRK5 See LinksCh 9h, i, j
  • 28.
    Rootkit Detectors Securitytesters should check their Linux systems for rootkits Rootkit Hunter (Link Ch 9l) Chkrootkit (Link Ch 9l) Rootkit Profiler (Link Ch 9k)
  • 29.
    Demonstration of rkhuntersudo apt-get install rkhunter sudo rkhunter -c
  • 30.
    Creating Buffer OverflowPrograms Buffer overflows write code to the OS’s memory Then run some type of program Can elevate the attacker’s permissions to the level of the owner Security testers should know what a buffer overflow program looks like
  • 31.
    Creating Buffer OverflowPrograms (continued) A C program that causes a buffer overflow
  • 32.
    Creating Buffer OverflowPrograms (continued) The program compiles, but returns the following error
  • 33.
    Creating Buffer OverflowPrograms (continued) A C code snippet that fills the stack with shell code
  • 34.
    Avoiding Buffer OverflowsWrite code that avoids functions known to have buffer overflow vulnerabilities strcpy() strcat() sprintf() gets() Configure OS to not allow code in the stack to run any other executable code in the stack Some compilers like gcc warn programmers when dangerous functions are used
  • 35.
    Using Sniffers toGain Access to Remote Linux Systems Sniffers work by setting a network card adapter in promiscuous mode NIC accepts all packets that traverse the network cable Attacker can analyze packets and learn user names and passwords Avoid using protocols such as Telnet, HTTP, and FTP that send data in clear text Sniffers Tcpdump, Ethereal (now Wireshark)
  • 36.
    Countermeasures Against LinuxRemote Attacks Measures include User awareness training Keeping current on new kernel releases and security updates
  • 37.
    User Awareness TrainingSocial Engineering Users must be told not to reveal information to outsiders Make customers aware that many exploits can be downloaded from Web sites Teach users to be suspicious of people asking questions about the system they are using Verify caller’s identity Call back technique
  • 38.
    Keeping Current Never-endingbattle New vulnerabilities are discovered daily New patches are issued to fix new vulnerabilities Installing these fixes is essential to protecting your system Many OSs are shipped with automated tools for updating your systems