The Quest for Root
- In 1969 Ken Thompson, and Denis Ritchie hacked up MULTICS (Multiplexed Information and computing System) and created UNIX
- Early UNIX environments were located in Bell Labs or in a university
Vulnerability Mapping
- Is the process of mapping specific security attributes of a system to an associated vulnerability or potential vulnerability
Methods of Vulnerability Mapping
- Manually map specific system attributes against publicity available sources of vulnerability information
- Use public exploit code posted to various security mailing lists and any number of websites, or develop own code
- Use automated vulnerability scanning tools, such as Nessus to identify true vulnerabilities
Remote Access
- Defined as gaining access via the network or other communication channel.
Local Access
- Defined as having an actual command shell or login to the system
- Also referred to a privilege escalation attacks
Remote Access
- 4 methods to exploit UNIX
- Exploiting a listening service
- Routing through a UNIX system that is providing security between two or more networks
- UI remote access execution attacks
- Exploiting a process or program that has placed the network interface card into promiscuous mode
ATTACKS and Countermeasures
Brute-force Attacks
- Most basic form of attack
- Most Common types of services attacked
- telnet
- FTP
- Secure Shell
- POP and IMAP
Brute-force Countermeasures
- Using a operating system that offers a service that strengthens passwords like Solaris 10
- PASSLENGTH
- MINWEEK
- MAXWEEK
- WARNWEEK
- ETC
Buffer Overflow Attacks
- Buffer overflow condition
- Occurs when a user or attempts to place more data into a buffer than previously allocated
- Echo “vrfy ‘perl –e ‘print “a” x 1000’ ’ ”
Quiz
1. In what year was Unix project started? 1969
2. What is the name of the parent system that Unix came out of? MULTICS
3. List 2 of the 4 Remote access categories.
- Exploiting a listening service
- Routing through a UNIX system that is providing security between two or more networks
- UI remote access execution attacks
- Exploiting a process or program that has placed the network interface card into promiscuous mode
4. What is the best Countermeasure for a brute force attacks? Strong Passwords
5. Other than disabling unused services to mitigate buffer overflow attacks, what else should you disable? Dangerous services
Back to Cptr427Winter2010