An Introduction to UNIX Security
A Presentation by Trey Evans
trey@bestican.net
www.bestican.net
Linux or UNIX?
• System V
  • Linux, AIX, HP-UX, Solaris
• BSD
  • Net, Open, Free
• AT&T
  • SCO, IRIX, Solaris
Out of the Box Security
• Very limited deployment options
• Custom tailoring always the best option
• Expensive to migrate
• Often easy to monitor
Kernel Security
• Remove any drivers not used
  • If the user needs them, he/she can add them at boot time
  • Prevents unstable drivers from causing hiccups when called
  • Eliminates possibility of attacker exploiting weak driver or combination of drivers
Network Security
• ipchains, iptables, “routes”
  • Tells machine what to do with what packets under certain circumstances
• Set up *nix box as a router / firewall / both
• Tame user privileges
  • No need for users to be able to change IP
  • Keep users from enabling promiscuous mode
  • Keep users from enabling second network card
  • Perhaps disable user access to usbhci
Email Security
• Sendmail
• Qmail
• www.google.com
Penetration
• Physically insert your machine into the target’s network
• Bypass perimeter security
• Control router or outermost point
  • “Edge devices”
Physical Insertion
• Basically, obtaining an IP on the system
• Man in the middle
  • Wireless – airjack userland utilities
  • Wired – spoof MAC, auth as legit user
• Easiest way – Wireless
  • bestican.net/wifi/pres.pdf
• DHCP? IP addressing scheme?
Bypass Security
• Portscan looking for services
  • nmap stealth mode (-s) or OS discovery (-O)
  • Box on inside?
• Test firewall rules using packet crafting
  • See illustration
• DoS or DDoS
  • Lame.
• Google exploits for firewall
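The defender's counterpart to the portscanning on this slide is spotting it in the firewall's own logs. The following is an added example, not part of the original presentation: it parses iptables LOG lines (constructed sample data using RFC 5737 documentation addresses) and flags any source that touches many distinct destination ports inside a short window, which is what a service sweep looks like from the gateway.

```python
"""Flag likely port scans in iptables LOG output (defender-side check)."""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample syslog lines in iptables LOG format; addresses are
# from RFC 5737 documentation ranges, not real hosts.
SAMPLE_LOG = """\
Mar 14 10:02:01 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40111 DPT=22 SYN
Mar 14 10:02:01 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=25 SYN
Mar 14 10:02:02 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40113 DPT=80 SYN
Mar 14 10:02:02 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40114 DPT=443 SYN
Mar 14 10:02:05 gw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=443 SYN
Mar 14 10:03:00 gw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=60000 DPT=21 SYN
Mar 14 10:03:30 gw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=60001 DPT=23 SYN
Mar 14 10:04:00 gw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=60002 DPT=110 SYN
Mar 14 10:04:30 gw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=60003 DPT=143 SYN
"""

LOG_RE = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d) .*?SRC=(\S+) .*?PROTO=(\S+) .*?DPT=(\d+)")

def detect_scans(log_text, threshold=4, window_s=10):
    """Return {src: max_distinct_ports} for every source that hit at least
    `threshold` distinct destination ports within any `window_s` span."""
    events = defaultdict(list)                 # src -> [(timestamp, dport)]
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue                           # not an iptables LOG line
        ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S")
        events[m.group(2)].append((ts, int(m.group(4))))

    hits = {}
    for src, evs in events.items():
        evs.sort()
        live = Counter()                       # dport -> hits inside window
        lo = 0
        for ts, port in evs:
            live[port] += 1
            while (ts - evs[lo][0]).total_seconds() > window_s:
                old = evs[lo][1]               # slide the window forward
                live[old] -= 1
                if live[old] == 0:
                    del live[old]
                lo += 1
            if len(live) >= threshold:
                hits[src] = max(hits.get(src, 0), len(live))
    return hits
```

With the 10-second default window only the fast sweep from 198.51.100.7 is reported; the slow one-port-every-30-seconds source only shows up when the window is widened, which is the trade-off a defender tunes between catching slow scans and false positives.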
Outermost Device
• Root access on gateway or firewall or router
  • Gives access to ALL packets on network
• Redirect at will
  • Change IP table
  • Change message or headers
• Sniff passwords
  • Write them down, you’ll need them later
Discovery
• Ask “what’s the payload?”
• Portscan
  • nmap, NetCat, nmap for X
• Rootkit
  • Requires root on an internal box
  • Must be well hidden
• Exploit scanner
  • Don’t get caught
  • Hardware may skew results
  • Morph
Elevate Privileges
• Local access is root access
  • Based on boot loader, usually
  • Google.com
  • Doesn’t insert NFS folders into hierarchy
• Exploits tailored to machine
  • Cool CC example
  • Cool passwd example
Historic Exploits
• FTPD buffer overflow
  • Widespread, FTPD installed by default often
  • Gave root FTP access
• Sendmail remote call
  • Auth as root
  • Send mail as anyone, read anyone’s mail
• evil.c
  • Not a big threat (unless hosting)
  • Local access needed
  • Demo?