Saturday, January 8, 2011

Classification of attacks on Linux servers and the defenses against them

With the spread of Linux applications, a great many network servers now run the Linux operating system.

The security of Linux servers is receiving more and more attention. This article classifies attacks on Linux servers by their depth and gives a different solution for each level. An attack on a Linux server is defined here as any unauthorized act intended to interfere with, damage, impair or destroy the security of the server. Attacks range from denial of service all the way up to complete compromise and destruction of the server. There are many kinds of attacks on Linux servers; looking at them from the angle of depth, this article divides them into four levels.

Attack level 1: denial of service (DoS)

Because DoS attack tools have proliferated and the defects in the protocol layer cannot be changed in the short term, DoS has become the most widespread attack and the most difficult one to guard against. Denial of service attacks include distributed denial of service (DDoS), reflected distributed denial of service, DNS-based distributed denial of service and FTP attacks, among others. Most denial of service attacks carry a relatively low level of risk; even those that can force the system to restart cause only a temporary problem. This type of attack is very different from attacks whose aim is to gain control of the network: it normally has no impact on data security, but a denial of service attack can last a long time and is very hard to deal with. To date there is no absolute way to stop this kind of attack. That does not mean it should not be fought: besides stressing the protection of individual hosts so that they cannot be used by attackers, strengthening the management of the server is very important. Authentication software and filtering must be installed, and the source address of each packet must be checked to confirm that it is genuine.
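To make the advice on source-address checks and half-open connections concrete, here is an added shell script (not part of the original article) that audits and applies the Linux kernel settings corresponding to it. The mapping of the article's advice onto these sysctl keys (reverse-path filtering for the source-address check; SYN cookies, the SYN backlog limit and fewer SYN-ACK retransmissions for limiting and timing out half-open connections) and the thresholds used are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the original article. Audits and tightens the
# kernel settings that correspond to the article's DoS advice.
# Assumed mapping (this example's choice, not the article's):
#   check packet source address -> net.ipv4.conf.all.rp_filter (reverse-path filter)
#   limit half-open SYNs        -> net.ipv4.tcp_syncookies, net.ipv4.tcp_max_syn_backlog
#   shorten SYN timeout         -> net.ipv4.tcp_synack_retries (fewer SYN-ACK resends)

KEYS="net.ipv4.conf.all.rp_filter net.ipv4.tcp_syncookies net.ipv4.tcp_max_syn_backlog net.ipv4.tcp_synack_retries"

# dos_setting_ok KEY VALUE -> exit 0 if VALUE is hardened for KEY, 1 otherwise.
# Thresholds are this example's own policy, not kernel defaults.
dos_setting_ok() {
  key=$1; val=$2
  case "$key" in
    net.ipv4.conf.all.rp_filter)   [ "$val" -ge 1 ] ;;     # 1 = strict, 2 = loose
    net.ipv4.tcp_syncookies)       [ "$val" -eq 1 ] ;;
    net.ipv4.tcp_max_syn_backlog)  [ "$val" -ge 2048 ] ;;
    net.ipv4.tcp_synack_retries)   [ "$val" -le 3 ] ;;     # fewer resends = shorter timeout
    *) return 1 ;;                                          # key not covered by this policy
  esac
}

# audit_dos_settings: read the live values with sysctl and report weak ones.
# Exit status is the number of weak settings found (0 = all hardened).
audit_dos_settings() {
  weak=0
  for key in $KEYS; do
    val=$(sysctl -n "$key" 2>/dev/null) || { echo "$key: not readable"; continue; }
    if dos_setting_ok "$key" "$val"; then echo "$key = $val (ok)"
    else echo "$key = $val (weak)"; weak=$((weak + 1)); fi
  done
  return $weak
}

# harden_dos_settings: apply the hardened values (run as root; put the same
# key=value lines in a file under /etc/sysctl.d/ to persist them across reboots).
harden_dos_settings() {
  for kv in net.ipv4.conf.all.rp_filter=1 net.ipv4.tcp_syncookies=1 \
            net.ipv4.tcp_max_syn_backlog=2048 net.ipv4.tcp_synack_retries=3; do
    sysctl -w "$kv"
  done
}
```

Run audit_dos_settings first to see which values are weak, then harden_dos_settings as root.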
In addition, the following measures can be adopted against denial of service: shut down unnecessary services, limit the number of SYN half-open connections allowed at the same time, shorten the timeout of SYN half-open connections, and apply system patches promptly.

Attack level 2: local users gain read and write permission to files they are not authorized for

A local user is defined as any user who has a password on any machine in the local network and has a directory on a disk. How dangerous it is for a local user to gain unauthorized read and write permission on files depends to a great extent on which critical files are reached. Any file in the temporary directory (/tmp) that any local user can access is dangerous, because it can potentially pave the way to the next level of attack.

The main attack method at level 2 is for the hacker to trick a legitimate user into revealing confidential information or performing a task; sometimes the hacker pretends to be the network manager and sends the user a message asking for the password in order to perform a system upgrade. Attacks initiated by local users almost always start from a remote login. For Linux servers, the best approach is to place all shell accounts on a separate machine, that is, to accept logins only on one or more servers assigned to shell access. This makes log management, access control, release management and other potential security problems easier to manage. The systems that store user CGI scripts should also be kept separate. These machines should be isolated on a specific network segment; that is, depending on your network configuration, they should be surrounded by a router or network switch, and the topology should ensure that hardware address spoofing cannot cross beyond that segment.

Attack level 3: remote users gain privileged read and write access to files

A third-level attack can not only verify that a specific file exists but can also read and write that file.
This is possible because some weaknesses in the configuration of the Linux server allow remote users without a valid account to execute a limited number of commands on the server. Password attacks are the main attack method at level 3, and cracked passwords are the most common form of attack. Password cracking is a term describing the penetration of networks, systems or resources, with or without tools, in order to unlock password-protected resources. Users often neglect their passwords, and password policies are hard to enforce. Hackers have a variety of tools that can defeat both the technical and the social protection of a password, including dictionary attacks, hybrid attacks and brute force attacks. Once a hacker has a user's password, he has all of that user's privileges. Password guessing means manually entering common passwords or obtaining the original password with a well-written program. Some users choose simple passwords, such as birthdays, anniversaries or a spouse's name, and do not follow the rule that letters and numbers should be mixed. A hacker does not need much time to guess through a set of eight-character birthday values.
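As an added example (not from the original article), the following shell function turns the password advice in this section into a check a defender can run when an account is created. It rejects the three classes of weak password the article describes: dictionary words (dictionary attack), dictionary words padded with digits (hybrid attack), and short or single-character-class passwords such as eight-digit birthdays (brute force). The wordlist is a constructed stand-in and the thresholds are this example's own choice.

```shell
#!/bin/sh
# Added example, not from the original article: a password-policy check built
# around the three cracking methods the article names. The wordlist below is
# constructed for the example; a real deployment would read a full dictionary.

WORDLIST="password
letmein
linux
admin
welcome"

# in_wordlist WORD -> exit 0 if WORD (case-insensitive, whole line) is a dictionary entry.
in_wordlist() {
  printf '%s\n' "$WORDLIST" | grep -qixF -- "$1"
}

# password_weak PASSWORD -> prints the reason and returns 0 if weak, 1 if acceptable.
password_weak() {
  pw=$1
  lower=$(printf '%s' "$pw" | tr 'A-Z' 'a-z')
  # Dictionary attack: the password is a plain dictionary word.
  if in_wordlist "$lower"; then
    echo "dictionary word"; return 0
  fi
  # Hybrid attack: strip up to four digits from either end and re-check the wordlist.
  stem=$(printf '%s' "$lower" | sed -E 's/^[0-9]{1,4}//; s/[0-9]{1,4}$//')
  if [ "$stem" != "$lower" ] && in_wordlist "$stem"; then
    echo "dictionary word with digits"; return 0
  fi
  # Birthday-style: exactly eight digits and nothing else (DDMMYYYY, YYYYMMDD, ...).
  case "$pw" in
    [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) echo "looks like a date"; return 0 ;;
  esac
  # Brute force resistance: at least 8 characters, with letters and digits mixed.
  if [ ${#pw} -lt 8 ]; then echo "shorter than 8 characters"; return 0; fi
  case "$pw" in *[0-9]*) ;; *) echo "no digit"; return 0 ;; esac
  case "$pw" in *[A-Za-z]*) ;; *) echo "no letter"; return 0 ;; esac
  return 1
}
```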
