LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: November 21st, 2014
Linux Security Week: November 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Reducing the Risk Print E-mail
User Rating:      How can I rate this item?
Source: Ryan W. Maple - Posted by Ryan W. Maple   
Learn tips and tricks Reducing the risk of intrusion can be achieved by eliminating many of the known common problems. The vast majority of attacks on done by script kiddies who scan massive IP blocks looking for a vulnerable computer, then run a program which they don't understand, to exploit the vulnerability they've just discovered. To block these script kiddies just fix the common vulnerabilities that the programs they use rely on.

Buffer Overflow

A buffer overflow attack is when the attacker sends malformed packets to a service that causes the memory buffer to overflow. The cracker hopes this will cause the program to crash and defaulting into a root prompt. Buffer overflows happen because of programming errors where input was not checked to be valid.

To prevent buffer overflows, all code must be meticulously hand checked multiple times by multiple people. Since this is not often possible, to limit the chances of being successfully cracked by a buffer overflow attack, make sure you keep your systems up to date and get rid of all excess services. Reducing the number of total services your server is offering, the less amount of code that could have a potential buffer overflow. Also, there are kernel patches that prevent some forms of buffer overflow.

Denial of Service

A Denial of Service, DoS, attack can come in many shapes and forms. The Blue Screen of Death from Windows can be one if it is caused by someone and not just poor programming. Also, the infamous DDoS attacks from earlier this year are an example where multiple 'zombie' computers coordinate together to attack a host all at the same time. A DoS attack is anything that maliciously prevents the computer from doing what was intended. This is usually accomplished by errors in code that will cause the program to eat up all the system resources.

Preventing DoS attacks in like preventing buffer overflows, but a firewall will also help with this, unlike buffer overflows. Another page with firewall information can be found here

Trojan Horse

A Trojan Horse is a program that purports to do something useful when in fact it really does something malicious such as send off the password file to a remote system. It must first be explicitly placed there by a malicious user. This is typically done to ensure that once a cracker has exploited a weakness in your system he has a way back into the system at a later date, even after the initial vulnerability has been fixed.

If a trojan is on the system, chances are the system has been cracked and needed to be wiped and reinstalled. The only way to prevent trojans is with a good firewall. A firewall works for blocking trojans only if the firewall is set to default deny and only essensial services are allow through the firewall. If a Linux system is cracked with mal-intent, and not just to see if the cracker could, then there will most likely be a root kit on the system. A very common trojan port is 31337; it should probably be blocked on all systems, with email notification if anyone tried to connect to it.

IP Session Hi-Jacking

IP Session Hi-Jacking, also known as a man in the middle attack, is a sophisticated attack which can now be done using tools circulating in the script kiddie community. With an IP Session Hi-Jacking, an user connects to a system using a service like telnet, then a cracker intercepts the packets and tricks the system into thinking that the cracker's machine is actually the user's machine. The user will think her connect got dropped, when in actuality, it is still going, but it has been taken over by the cracker.

With this form of attack, there is no way to block it, but there are checks that can be done to prevent it. Telnet is the type of service that crackers want to hi-jack; it has shell access, is unencrypted, and doesn't perform many checks to make sure the person really is who they say they are. SSH, on the other hand, would be very hard to hi-jack; it has strong encryption, multiple checks of an identity, and can have its shell access limited. Most services can't really be hi-jacked, but the ones that can, like telnet, usually have a secure replacement, like SSH, that can be used instead.

IP Spoofing

IP Spoofing attacks involves the attacker falsifying the sender IP address so that other computers think the packet came from a different system.

This type of attack can be useful in two different ways. First, if an service uses only IP-based authentication, then with IP spoofing, an attacker could use a service that isn't designated for him to use. The second way this type of attack could be used is similar to the first, but is different because it is used in conjunction with another form of attack. For example, a script kiddie knows there is a FTP server running that has a DoS vulnerability in it, but only the company's president's home computer's IP is allowed past the firewall to access the FTP server. With IP spoofing, the script kiddie could trick the firewall into thinking the packets are from the president's home computer and activate the DoS vulnerability.

Conclusion

While fixing these problems can be time consuming, great programs like Bastille Linux are around to make it much easier. This overview of Bastille Linux and also a walkthrough to installing it. But even with Bastille Linux and programs like it, security will always be a process not a program, and it will always take time to properly secure a system.

Resources

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.