Downloaded 83 times
Uploaded byEric Vanderburg
Ethical hacking Chapter 9 - Linux Vulnerabilities - Eric Vanderburg
This document discusses Linux vulnerabilities and remote attacks. It describes the Linux file system and common vulnerabilities. Remote attack techniques covered include footprinting, social engineering, installing Trojan programs, buffer overflows, and using sniffers. Countermeasures include user awareness training, keeping systems updated with the latest patches, and writing secure code.
More Related Content
Similar to Ethical hacking Chapter 9 - Linux Vulnerabilities - Eric Vanderburg
![UiPath Automation Suite Installation (Hands-On) [2/3]](https://cdn.slidesharecdn.com/ss_thumbnails/automationsuitecommunitysession2-251015095633-a6d862f1-thumbnail.jpg?width=600ounds&width=560&fit=bounds)
Ethical hacking Chapter 9 - Linux Vulnerabilities - Eric Vanderburg
- 1. Ethical Hacking CHAPTER9 – LINUX VULNERABILITIES ERIC VANDERBURG
- 2. Objectives Describethe fundamentals of the Linux operating system Describe the vulnerabilities of the Linux operating system Describe Linux remote attacks Explain countermeasures for protecting the Linux operating system
- 3. Review of LinuxFundamentals Linux is a version of UNIX Usually available free Red Hat Includes documentation and support for a fee Linux creates default directories
- 4. Linux File System Most vital part of any OS Provides many functions Enables directories or folders organization Establishes a file-naming convention Includes utilities to compress or encrypt files Provides for both file and data integrity Enables error recovery Stores information about files and folders *NIX systems store information about files in information nodes (inodes)
- 5. Linux File System(continued) Information stored in an inode An inode number Owner of the file Group the file belongs to Size of the file Date the file was created Date the file was last modified or read File systems use a fixed number of inodes *NIX mounts a file system as a subfile system of the root file system
- 6. Linux File System(continued) mount command is used to mount file systems df command displays the currently mounted file systems File system history on *NIX systems Minix file system Extended File System (Ext) Second Extended File System (Ext2fs) Third Extended File System (Ext3fs)
- 7. Linux File SystemCommands Linux has file system commands for Viewing files Copying files Moving files
- 8. Linux File SystemCommands (continued) Many of these commands have multiple parameters and additional functionality
- 9. Linux OS Vulnerabilities UNIX has been around for quite some time Attackers have had plenty of time to discover vulnerabilities in *NIX systems Enumeration tools can also be used against Linux systems Knoppix A bootable, open-source version of Linux Nessus can be used to enumerate Linux systems
- 10. Linux OS Vulnerabilities (continued) Nessus can be used to Discover vulnerabilities related to SMB and NetBIOS Enumerate shared resources Discover the root password
- 11. Linux OS Vulnerabilities (continued) Test Linux computer against common known vulnerabilities Review the CVE and CAN information Differentiate between local attacks and remote attacks Remote attacks are harder to perform
- 12. Remote Access Attackson Linux Systems Attacking a network remotely requires Knowing what system a remote user is operating The attacked system’s password and login accounts
- 13. Footprinting an AttackedSystem Footprinting techniques Used to find out information about a target system Determining the OS version the attacked computer is running Check newsgroups for details on posted messages Knowing a company’s e-mail address makes the search easier Other footprinting tools include: Whois databases, DNS zone transfers, Nessus, and port scanning tools
- 14. Using Social Engineeringto Attack Remote Linux Systems Goal To get OS information from company employees Common techniques Urgency Quid pro quo Status quo Kindness Position Train your employees about social engineering techniques
- 15. Installing Trojan Programs Trojan programs spread as E-mail attachments Fake patches or security fixes that can be downloaded from the Internet Trojan program functions Allow for remote administration Create a FTP server on attacked machine Steal passwords Log all keys a user enters, and e-mail results to the attacker
- 16. Installing Trojan Programs (continued) Linux Trojan programs are sometimes disguised as legitimate programs Trojan programs can use legitimate outbound ports Firewalls and IDSs cannot identify this traffic as malicious Example: Sheepshank It is easier to protect systems from already identified Trojan programs Trojan.Linux.JBellz Remote Shell Dextenea
- 17. Installing Trojan Programs (continued) Rootkits Contain Trojan binary programs ready to be installed by an intruder with root access to the system Attacker hide the tools used for later attacks Replace legitimate commands with Trojan programs Example: LRK5 Security testers should check their Linux systems for rootkits Rootkit Hunter Chkrootkit
- 18. Creating Buffer OverflowPrograms Buffer overflows write code to the OS’s memory Then run some type of program Can elevate the attacker’s permissions to the level of the owner Security testers should know what a buffer overflow program looks like
- 19. Creating Buffer OverflowPrograms (continued) A C program that causes a buffer overflow
- 20. Creating Buffer OverflowPrograms (continued) A C code snippet that fills the stack with shell code
- 21. Creating Buffer OverflowPrograms (continued) Guidelines to help reduce this type of attack Write code that avoids functions known to have buffer overflow vulnerabilities strcpy() strcat() sprintf() gets() Configure OS to not allow code in the stack to run any other executable code in the stack Use compilers that warn programmers when functions listed in the first bullet are used
- 22. Using Sniffers toGain Access to Remote Linux Systems Sniffers work by setting a network card adapter in promiscuous mode NIC accepts all packets that traverse the network cable Attacker can analyze packets and learn user names and passwords Avoid using protocols such as Telnet, HTTP, and FTP that send data in clear text Sniffers Tcpdump, Ethereal
- 23. Countermeasures Against Linux Remote Attacks Measures include User awareness training Keeping current on new kernel releases and security updates
- 24. User Awareness Training Social Engineering Users must be told not to reveal information to outsiders Make customers aware that many exploits can be downloaded from Web sites Teach users to be suspicious of people asking questions about the system they are using Verify caller’s identity Call back technique
- 25. Keeping Current Never-ending battle New vulnerabilities are discovered daily New patches are issued to fix new vulnerabilities Installing these fixes is essential to protecting your system Many OSs are shipped with automated tools for updating your systems Red Hat Update Agent
- 26. Summary Filesystems store and manage user data and system data Linux uses default directories to store user data and system data Extended File System (Ext) is Linux default file system Information about *NIX files are stored in inodes Vulnerabilities of the Linux OS can be determined by the use of security tools and from the CVE Web site
- 27. Summary (continued) Techniques for remotely attacking Linux systems Footprinting Social engineering Trojan programs Buffer overflows Social engineering can be the most effective way to gather information Countermeasures to Trojan programs include Remove any unneeded services Apply test security updates
- 28. Summary (continued) Countermeasures to buffer overflows include Writing secure code Preventing code from being run in the stack Using compilers that warn when a function is dangerous or risky Other countermeasures Employee training Keeping systems updated