Thursday, December 30, 2010

Linux system security risks and approaches to improving security management

There is no such thing as an absolutely secure system. Even Linux, which is generally considered stable, has shortcomings in system management and security.

We want the system to operate at the lowest possible risk, which means strengthening security management. Below I discuss two aspects: the weaknesses that exist in Linux, and how to improve the security management of a Linux system.

Preventing hacker intrusion

Before discussing prevention and security management, I briefly describe the main avenues and customary practices hackers use to break into Linux hosts, so that precautions can be taken with those in mind. To prevent deliberate intrusion, the links between the intranet and external networks can be reduced, or the system can be kept entirely separate from other networks. This makes the network inconvenient to use, but it is the most effective preventive measure. A hacker usually probes a Linux or Unix host in the following ways until a weak point is found, and only then begins the actual intrusion. The common attack techniques are:

1. Obtaining the root password directly, by eavesdropping or by taking a particular user's password. The user need not be root: any user's password is a starting point, and ordinary users' passwords are usually very easy.
2. Hackers often use common words to crack passwords. An American hacker once said that the single word "password" opens most computers in the United States. Other commonly used words include: account, ald, alpha, beta, computer, demo, dead, dollar, games, bod, hello, help, intro, kill, love, no, ok, okay, please, sex, secret, superuser, system, test, work, yes.
3. Using the command "finger @some.cracked.host", the user names on that computer can be learned. Starting from those users, and through the ones that are easy to break into, the password file /etc/passwd is obtained, and a password-guessing tool with a dictionary file is used to guess the root password.
4. Placing files with the SetUID bit in /tmp as an ordinary user, or running a SetUID program, so that root executes it and a security hole is created.
5. Using a security vulnerability in a program that the system runs with SetUID root permissions to obtain root privileges, for example pppd.
6. Intrusion via the hosts listed in .rhosts. When a user runs rlogin, the rlogin program trusts the host and account defined in .rhosts and does not require a password to log in.
7. Modifying the user's .profile, .login, .cshrc and other shell startup files to add a damaging program, which is executed whenever the user logs in, for example "if /tmp/backdoor exists, run /tmp/backdoor".
8. Whenever a user logs on to the system, a backdoor program (possibly a Crack program) is executed unknowingly; it damages the system or provides further information about it that helps the hacker penetrate deeper.
9. If the company's important host is protected by a network firewall, the hacker sometimes finds any easily penetrated host on the same subnet and then works slowly from it toward the important host. For example, where NIS is in use, remote commands can be run without a password, which makes the hacker's job easier.
10. The hacker connects through an intermediate host and looks for the attack target from there, so that a reverse lookup does not reveal the real IP address.
11. There are several ways for a hacker to enter a host: via Telnet (port 23), Sendmail (port 25), FTP (port 21) or WWW (port 80). A host has only one address but may offer many services, and these ports are very convenient "entrances" for hackers.
12. Hackers usually use the RPC services NIS and NFS to intercept information. A simple command such as showmount makes a remote host automatically report the services it provides. Once this information is intercepted, even with tcp_wrapper or other security software installed, the administrator may unknowingly have a file system "borrowed" from the NIS server, causing /etc/passwd to leak.
13. Sending e-mail to an anonymous FTP account to obtain the password file from the site, or directly downloading the passwd file from the FTP site's /etc directory.
14. Network eavesdropping: using a packet sniffer to monitor the network and capture Telnet, FTP and rlogin session information, from which the root password can be intercepted. Sniffers are today one of the main causes of illegal intrusion on the Internet.
15. Using system vulnerabilities to break into hosts. Security holes are frequently found in programs such as Sendmail, imapd, pop3d and DNS, and hosts whose vulnerabilities are not diligently patched are intruded upon.
16. On a computer that has already been intruded, the Telnet program may have been stealthily replaced, so that every account and password from Telnet sessions is recorded and e-mailed to the hacker for further intrusion.
17. The hacker clears the system logs. Some powerful hackers remove the records of their entry time and IP address, clearing syslog, lastlog, messages, wtmp, utmp and the shell history file .history.
18. Intruders often tamper with checking commands such as ifconfig and tcpdump so as to avoid being discovered.
19. Hackers secretly copy /etc/passwd and then crack the passwords with a dictionary file.
20. Hackers covet su or sudo as a way to become the root superuser.
21. Hackers often use buffer overflows to break into the system by hand.
22. cron is the Linux tool for automating commands, such as scheduled backups or deleting expired documents. Intruders often use cron to leave backdoors; besides breaking into the system with scheduled code, this avoids the danger of being discovered by the administrator.
23. Using IP spoofing to break into the Linux host.
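As an added example that is not part of the original post, the following script audits a directory tree for two of the footholds listed above: SetUID/SetGID files left in /tmp (item 4) and .rhosts trust files in home directories (item 6). The function names, the demo tree and its file names are constructed for this illustration.

```shell
#!/bin/sh
# Added example: audit a directory tree for two footholds described above.
# Run against the real system as: audit_tree /   (or "sh audit.sh demo" for
# the constructed demo tree). Only searches are performed; nothing is changed.

# audit_tree ROOT: print one line per finding under ROOT/tmp and ROOT/home
audit_tree() {
    root="${1:-/}"
    # Item 4: SetUID or SetGID regular files in the world-writable tmp directory
    find "$root/tmp" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null \
        | sed 's/^/SUID-SGID in tmp: /'
    # Item 6: .rhosts files directly inside each home directory (rlogin trust
    # without a password)
    find "$root/home" -mindepth 2 -maxdepth 2 -type f -name .rhosts 2>/dev/null \
        | sed 's/^/rhosts trust file: /'
}

# make_demo_tree: constructed sample tree (not a real system) for trying the
# audit; prints the temporary root and leaves cleanup to the caller.
make_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/tmp" "$d/home/alice" "$d/home/bob"
    printf '#!/bin/sh\necho demo\n' > "$d/tmp/backdoor"
    chmod 4755 "$d/tmp/backdoor"                       # SetUID bit: must be flagged
    printf 'trusted.example.com alice\n' > "$d/home/alice/.rhosts"  # must be flagged
    : > "$d/home/bob/.bash_history"                    # ordinary dotfile: not flagged
    echo "$d"
}

# Demo on the constructed tree: sh audit.sh demo
if [ "${1:-}" = "demo" ]; then
    demo=$(make_demo_tree)
    audit_tree "$demo"
    rm -rf "$demo"
fi
```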
These are the tricks currently in common use against Linux hosts. If a hacker can easily invade your computer with such methods, the computer's security is really too poor, and you need to hurry to download new software versions or patch files to fix the vulnerabilities. Note also that unauthorized use of another person's computer system or theft of information is illegal, and I hope readers do not violate this. Besides the methods above, many hacker intrusion tools can also be used to attack Linux systems. These tools are often planted on the victim server after an intruder has completed the invasion. They differ in their capabilities: some simply capture user names and passwords, while very powerful ones log all network traffic. In short, the use of intrusion tools is also a common way of attacking Linux hosts.

Hacker protection

If you want to protect the system against hackers, the first step is to do the prevention work ahead of time. As a system administrator you must make sure the system you manage has no security vulnerabilities that give an illegal user an opening. For prevention ahead of time, I think the following points apply:

First, close in advance all possible back doors of the system, so that intruders cannot exploit its vulnerabilities. For example, use "rpcinfo -p" to check whether the machine is running unnecessary remote services. Once found, stop them immediately so that no backdoor is left for illegal users.
Second, verify that the system is running the new Linux and Unix daemons, because old daemons allow other machines to run illegal commands remotely.
Third, regularly obtain security patches from the operating system vendor.
Fourth, strengthen the system's security setup with programs such as shadow passwords, TCP wrappers, SSH and PGP.
Fifth, build a network firewall to prevent network attacks.
Sixth, test the host for weaknesses with a vulnerability scanning tool.
Seventh, subscribe to a number of security advisories and visit security sites often, to obtain timely information for patching vulnerabilities in system software and hardware.

Even when the preventive work is done, it is only a starting point. As network technology keeps developing, hackers' skills advance too, and their attack methods keep producing surprises, so besides the prevention work we must carry out daily security checks on the system. In particular, a system administrator should always watch for changes in the system, such as processes, files and timestamps. Specifically, a system security check can use the following methods:

1. Take full advantage of the check commands built into Linux and UNIX systems. For example, the following commands are very useful:
- who: see who is logged in to the system;
- w: see who is logged in and what they are doing;
- last: display the users who have logged in and their TTYs;
- history: show the commands that were run in the past;
- netstat: view the current network status;
- top: view system processes dynamically in real time;
- finger: view all logged-in users.

2. Periodically check the system logs, files, timestamps and process information. For example:
- check the /var/log/messages log file for external users' login activity;
- check the shell history file (e.g. .history) in each user's home directory /home/username;
- check the .rhosts and .forward files in /home/username for remote login settings;
- use "find / -ctime -2 -ctime +1 -ls" to view files changed in the last two days;
- use "ls -lac" to view the files' real modification times;
- use "cmp file1 file2" to compare files for changes;
- protect critical system commands, processes and configuration files so that an intruder cannot replace or modify them to gain access to the system.
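The last two points above (comparing files with cmp, and protecting critical system commands from replacement) can be turned into a daily check. This is an added example, not the post's own code: it assumes sha256sum (or shasum) is installed, and the function names, the sample paths and the demo tree are constructed for the illustration.

```shell
#!/bin/sh
# Added example: keep a hash baseline of critical commands so that a replaced
# binary (e.g. a trojaned telnet, ifconfig or netstat) shows up at the daily
# check. sha256sum (or shasum) is assumed to be installed. Store the baseline
# off-host or on read-only media; a baseline the intruder can rewrite is useless.

hash_cmd() {
    if command -v sha256sum >/dev/null 2>&1; then echo sha256sum
    else echo "shasum -a 256"; fi
}

# make_baseline DIR PATH...: print "hash  path" lines for PATHs relative to DIR
#   e.g. make_baseline / bin/ls bin/netstat sbin/ifconfig > /mnt/cdrom/baseline
make_baseline() {
    dir="$1"; shift
    for f in "$@"; do
        (cd "$dir" && $(hash_cmd) "$f")
    done
}

# check_baseline DIR BASELINE: print CHANGED/MISSING entries; exit status 1 if any
check_baseline() {
    dir="$1"; base="$2"; bad=0
    while read -r want path; do
        if [ ! -f "$dir/$path" ]; then
            echo "MISSING  $path"; bad=1; continue
        fi
        have=$(cd "$dir" && $(hash_cmd) "$path" | cut -d' ' -f1)
        [ "$have" = "$want" ] || { echo "CHANGED  $path"; bad=1; }
    done < "$base"
    return "$bad"
}

# Demo on a constructed tree (not a real system): sh baseline.sh demo
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d); mkdir -p "$d/bin"
    printf 'original netstat\n' > "$d/bin/netstat"
    printf 'original ls\n' > "$d/bin/ls"
    make_baseline "$d" bin/netstat bin/ls > "$d/baseline"
    printf 'replaced\n' > "$d/bin/netstat"      # simulate a replaced binary
    check_baseline "$d" "$d/baseline"; echo "status: $?"
    rm -rf "$d"
fi
```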
Of course, to keep the system secure, apart from prevention and security checks one must also cultivate the good habit of protecting network security. This means regularly scheduling complete data backups. With a complete data backup, the system can be restored quickly after an attack or a system failure.

Virus intrusion protection

Viruses on DOS and Windows 9X/Me/NT/2000/XP systems are very common today, but one almost never hears of a virus on a Linux or UNIX system, and some people even believe that Linux and UNIX systems have no viruses at all. In fact this is a big mistake: the world's first computer virus was on Unix. If a virus were to spread on a Linux system, the consequences would be disastrous. Many viruses are now written in standard C, so they adapt to any kind of Linux or UNIX operating system and can be compiled cross-platform. Although Windows NT/2000, Linux and UNIX have very advanced protection mechanisms that prevent most virus infections, they do not prevent all of them. Therefore a Linux system is not free from the danger of computer viruses; for example, the Morris, Ramen and Lion worms all ran on Linux or Unix systems. A typical Linux network consists of one or more computers running the Linux operating system as servers, usually a web server, an FTP server and a mail server, while the workstations mostly run Windows 9X/Me/NT/2000/XP. Virus protection on such a Linux network is mainly based on the individual workstation. You can install Samba on the Linux server and regularly scan the server's disk files with virus scanning tools from a secure workstation, which achieves anti-virus protection.
Computer viruses are the biggest headache for computer manufacturers and governments. By estimate there are thousands of viruses, and about three new ones appear every day. Currently most computers use software to control viruses, but fewer than half use a virus firewall, which increases the chance of infection. Usually these virus infections come from the intranet, meaning that many computers in the company may already be infected. In such difficult circumstances, the only way to keep the computer healthy and free of incidents is to ensure that information is not compromised.
