An Introduction to UNIX Security
A Presentation by Trey Evans
www.bestican.net

Linux or UNIX?
- System V (AT&T): SCO, IRIX, Solaris
- BSD: Net, Open, Free
- Linux, AIX, HP-UX, Solaris

Out of the Box Security
- Very limited deployment options
- Custom tailoring always the best option
- Expensive to migrate
- Often easy to monitor

Kernel Security
- Remove any drivers not used
- If the user needs them, he/she can add them at boot time
- Prevents unstable drivers from causing hiccups when called
- Eliminates possibility of attacker exploiting weak driver or combination of drivers

Network Security
- ipchains, iptables, "routes"
- Tells machine what to do with what packets under certain circumstances
- Set up *nix box as a router / firewall / both
- Tame user privileges
  - No need for users to be able to change IP
  - Keep users from enabling promiscuous mode
  - Keep users from enabling second network card
  - Perhaps disable user access to usbhci

Email Security
- Sendmail
- Qmail
- www.google.com

Begin Fun Stuff

Penetration
- Physically insert your machine into the target's network
- Bypass perimeter security
- Control router or outermost point ("edge devices")

Physical Insertion
- Basically, obtaining an IP on the system
- Man in the middle
- Easiest way: wireless
  - Wireless: airjack userland utilities
  - Wired: spoof MAC, auth as legit user
  - bestican.net/wifi/pres.pdf
- DHCP? IP addressing scheme?

Bypass Security
- Portscan looking for services
- Box on inside? Test firewall rules using packet crafting (see illustration)
- DoS or DDoS
- nmap stealth mode (-s) or OS discover (-O): lame.
- Google exploits for firewall

Outermost Device
- Root access on gateway or firewall or router
- Gives access to ALL packets on network
- Redirect at will
- Change IP table
- Change message or headers
- Sniff passwords (write them down, you'll need them later)

Discovery
- Ask "what's the payload?"
- Portscan
- Rootkit
- nmap, NetCat, nmap for X
- Requires root on an internal box
- Must be well hidden
- Exploit scanner
- Don't get caught
- Hardware may skew results
- Morph

Elevate Privileges
- Local access is root access
- Based on boot loader, usually
- Google.com
- Doesn't insert NFS folders into hierarchy
- Exploits tailored to machine
- Cool CC example
- Cool passwd example

Historic Exploits
- FTPD buffer overflow
  - Widespread; FTPD installed by default often
  - Gave root FTP access; auth as root
- Sendmail remote call
  - Send mail as anyone, read anyone's mail
- evil.c
  - Not a big threat (unless hosting)
  - Local access needed
- Demo?
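The Network Security slide's advice to keep users from enabling promiscuous mode only helps if someone checks for it. As an added example (not part of the presentation), this POSIX shell check parses the one-line-per-interface output of `ip -o link show` and reports any interface carrying the PROMISC flag; the embedded sample output is constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example: detect interfaces in promiscuous mode from `ip -o link show`
# output. Runs offline on captured text; on a live host use:
#   ip -o link show | promisc_ifaces

# Print the name of every interface whose <...> flag list contains PROMISC.
promisc_ifaces() {
    awk '
        {
            name = $2; sub(/:$/, "", name); sub(/@.*/, "", name)
            # The flag list is the text between the first "<" and ">".
            if (match($0, /<[^>]*>/)) {
                flags = substr($0, RSTART + 1, RLENGTH - 2)
                n = split(flags, f, ",")
                for (i = 1; i <= n; i++)
                    if (f[i] == "PROMISC") { print name; break }
            }
        }'
}

# Constructed sample of `ip -o link show` output (eth0 is promiscuous).
SAMPLE_IP_LINK='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000\    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000\    link/ether 02:00:00:00:00:02 brd ff:ff:ff:ff:ff:ff'

# Return 1 and list the offenders on stderr when any interface in the given
# text is promiscuous; returns 0 otherwise. Suitable as a periodic cron check.
check_promisc() {
    found=$(printf '%s\n' "$1" | promisc_ifaces)
    if [ -n "$found" ]; then
        printf 'WARNING: promiscuous interfaces: %s\n' "$found" >&2
        return 1
    fi
    return 0
}

if [ "${1:-}" = "--demo" ]; then
    check_promisc "$SAMPLE_IP_LINK"
fi
```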