linux operating system vulnerabilities n.
Skip this Video
Loading SlideShow in 5 Seconds..
Linux Operating System Vulnerabilities PowerPoint Presentation
Download Presentation
Linux Operating System Vulnerabilities

Loading in 2 Seconds...

play fullscreen
1 / 40

Linux Operating System Vulnerabilities - PowerPoint PPT Presentation

  • Uploaded on

Linux Operating System Vulnerabilities. SCSC 555. Objectives. Fundamentals of Linux operating system Vulnerabilities of Linux operating system Remote attacks on Linux Protecting Linux operating system. Linux default directories. Linux file system history Minix file system

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

Linux Operating System Vulnerabilities

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
    Presentation Transcript
    1. Linux Operating System Vulnerabilities SCSC 555

    2. Objectives • Fundamentals of Linux operating system • Vulnerabilities of Linux operating system • Remote attacks on Linux • Protecting Linux operating system

    3. Linux default directories • Linux file system history • Minix file system • Extended File System (Ext) • Second Extended File System (Ext2fs) • Third Extended File System (Ext3fs) • (read details on text)

    4. Linux File System • File system • Enables directories or folders organization • Establishes a file-naming convention • Includes utilities to compress or encrypt files • Provides for both file and data integrity • Enables error recovery • Stores information about files and folders • File systems store information about files in information nodes (inodes)

    5. Linux File System (continued) • Information stored in an inode • An inode number • Owner of the file • Group the file belongs to • Size of the file • Date the file was created • Date the file was last modified or read • File systems use a fixed number of inodes • mounts a file system as a subfile system of the root file system

    6. Linux File System (continued) • mount command is used to mount file systems

    7. Linux File System (continued) • df command displays the currently mounted file systems

    8. Linux Network Commands

    9. Linux Network Commands

    10. Objectives • Fundamentals of Linux operating system • Vulnerabilities of Linux operating system • Remote attacks on Linux • Protecting Linux operating system

    11. Linux OS Vulnerabilities • UNIX has been around for quite some time • Attackers have had plenty of time to discover vulnerabilities in *NIX systems • Enumeration tools can also be used against Linux systems • Nessus can be used to enumerate Linux systems • Discover vulnerabilities related to SMB and NetBIOS • Enumerate shared resources • Discover the root password

    12. Common known vulnerabilities (CVE)

    13. Objectives • Fundamentals of Linux operating system • Vulnerabilities of Linux operating system • Remote attacks on Linux • Protecting Linux operating system

    14. Linux OS Vulnerabilities (continued) • Differentiate between local attacks and remote attacks • Remote attacks are harder to perform • Attacking a network remotely requires • Knowing what system a remote user is operating • The attacked system’s password and login accounts

    15. Footprinting a Target System • Footprinting techniques • Used to find out information about a target system • footprinting tools include: Whois databases, DNS zone transfers, Nessus, and port scanning tools • Determining the OS version the attacked computer is running • Check newsgroups for details on posted messages • Knowing a company’s e-mail address makes the search easier

    16. Using Social Engineering to Attack Remote Linux Systems • Goal • To get OS information from company employees • Common techniques • Urgency • Quid pro quo • Status quo • Kindness • Position • Train your employees about social engineering techniques

    17. Installing Trojan Programs • Trojan programs spread as • E-mail attachments • Fake patches or security fixes that can be downloaded from the Internet • Trojan program functions • Allow for remote administration • Create a FTP server on attacked machine • Steal passwords • Log all keys a user enters, and e-mail results to the attacker

    18. Installing Trojan Programs (continued) • Linux Trojan programs disguised as legitimate programs • can use legitimate outbound ports • Firewalls and IDSs cannot identify this traffic as malicious • E.g.: Sheepshank use port 80 FTTP GET (p214) • It is easier to protect systems from already identified Trojan programs • E.g., Trojan.Linux.JBellz, Remote Shell, Dextenea

    19. Rootkits • Rootkits • Contain Trojan binary programs ready to be installed by an intruder with root access to the system • Attacker hide the tools used for later attacks • Replace legitimate commands with Trojan programs • E.g.: LRK5 • Tool to check rootkits • Rootkit Hunter • Chkrootkit

    20. How they gain root? • Scan the system(s) for un-patched code/module • Intruders usually focus on a small number of exploits

    21. Deploy Trojan • Trojan horse is a malicious program that is disguised as legitimate software • Trojan horse programs bundled in the form of “Rootkits”. • Originally written for Sun’s Berkeley flavor of Unix (SunOS 4) "

    22. What is a Rootkit? • A rootkit is a set of tools used by an intruder after cracking a computer system. • help the attacker maintain his or her access to the system and use it for malicious purposes. • Hides data that indicates an intruder has control of your system • Rootkits exist for a variety of operating systems such as Linux, Solaris and Microsoft Windows.

    23. History • Rootkits were first developed for Unix • Back in 1980’s determining what was happening on your Unix box wasn’t too hard • a set of tools “service tools” report status, maintain logs and provide user feedback to the current state of the system.

    24. Service tools Scheduler information Eg: crontab Future User account information Eg: who, last, login, passwd Process/File information Eg: ls, find, du, top, pidof, du Network information Eg:netstat, ifconfig, rshd, telnet Present System/User Logs Eg: /var/log/messages Past

    25. Early Rootkits • Early Rootkits were bundle of program that replaced these service binary with trojans • For example: a binary of “last” with following wrapper script last | awk '$1 !~ /malliciousUserName/ {print $0}'

    26. Traditional Rootkits • Linux RootKit 5 (lrk5) • written by Lord Somer • one of the most full-featured RootKits • includes Trojan versions of the following: • chfn, chsh, crontab, du, find, ifconfig, inetd, killall, login, ls, netstat, passwd, pidof, ps, rshd, syslogd, tcpd, top, sshd, and su

    27. Protection / Prevention mechanism • Get a program to scan /bin/login and see if it has been corrupted • Tools like Tripwrie can check the Integrity of the file if an hash has been generated at install time. • Identify and replace the files that have been modified. • Use md5 checksum to check for the authenticity of the program.

    28. Unix Rootkit Analysis/Detection/Deterrent Tools • Chkrootkit • Tripwire • Rkscan • Carbonite • Rkdet • Checkps • LSM (Loadable Security Module) • LCAP (Linux Kernel Capability Bounding Set Editor)

    29. Chkrootkit Tests

    30. 01. lrk3, lrk4, lrk5, lrk6 (and variants); 02. Solaris rootkit; 03. FreeBSD rootkit; 04. t0rn (and variants); 05. Ambient's Rootkit (ARK); 06. Ramen Worm; 07. rh[67]-shaper; 08. RSHA; 09. Romanian rootkit; 10. RK17; 11. Lion Worm; 12. Adore Worm; 13. LPD Worm; 14. kenny-rk; 15. Adore LKM; 16. ShitC Worm; Chkrootkit Detects These Rootkits, Worms and LKMs • 17. Omega Worm; • 18. Wormkit Worm; • 19. Maniac-RK; • 20. dsc-rootkit; • 21. Ducoci rootkit; • 22. x.c Worm; • 23. RST.b trojan; • 24. duarawkz; • 25. knark LKM; • 26. Monkit; • 27. Hidrootkit; • 28. Bobkit; • 29. Pizdakit; • 30. t0rn v8.0; • 31. Showtee; • 32. Optickit; • 33. T.R.K; • 34. MithRa's Rootkit; • 35. George; • 36. SucKIT; • 37. Scalper; • 38. Slapper A, B, C and D; • 39. OpenBSD rk v1; • 40. Illogic rootkit; • 41. SK rootkit. • 42. sebek LKM; • 43. Romanian rootkit; • 44. LOC rootkit; • 45. shv4 rootkit; • 46. Aquatica rootkit; • 47. ZK rootkit;

    31. Creating Buffer Overflow Programs • Buffer overflows write code to the OS’s memory • Then run some type of program • Can elevate the attacker’s permissions to the level of the owner • A buffer overflow program looks like

    32. Creating Buffer Overflow Programs (continued) • The program compiles, but returns the following error

    33. Creating Buffer Overflow Programs (continued) • Guidelines to help reduce this type of attack • Avoids functions known to have buffer overflow vulnerabilities • strcpy() • strcat() • sprintf() • gets() • Configure OS to not allow code in the stack to run any other executable code in the stack • Use compilers that warn programmers when functions listed in the first bullet are used

    34. Using Sniffers to Gain Access to Remote Linux Systems • Sniffers work by setting a network card adapter in promiscuous mode • NIC accepts all packets that traverse the network cable • Attacker can analyze packets and learn user names and passwords • Avoid using protocols such as Telnet, HTTP, and FTP that send data in clear text • Sniffers • Tcpdump, Ethereal (wireshark)

    35. Objectives • Fundamentals of Linux operating system • Vulnerabilities of Linux operating system • Remote attacks on Linux • Protecting Linux operating system

    36. User awareness training • Users must be told not to reveal information to outsiders • Make customers aware that many exploits can be downloaded from Web sites • Teach users to be suspicious of people asking questions about the system they are using • Verify caller’s identity • Call back technique

    37. Keeping current • Keeping current on new kernel releases and security updates • Installing these fixes is essential to protecting your system • automated tools for updating your systems