How Linux Systems Security is Compromised

On June 23, 2010, in Security Knowledge Base, by Ganesh Dutt Sharma

There was a time when machines were not connected to each other and there was no risk of remote attack. With the advent of networking, security attacks became common, and as IT systems and networks grow more sophisticated, so does the range of attacks that can be mounted against them.

In this article I will discuss the most common types of attacks on Linux systems.

Log Files Related Attacks

For crackers (commonly, if loosely, called hackers), a readable log is a gift. If the files under /var/log are readable by ordinary users, anyone who gets a normal-user shell on the machine can read every record the system keeps. Consider a user who is poor at typing and enters the password in the user-name field: the login program finds no account of that name, so it logs the rejected "user name", which is the password in clear text. A cracker who reads the authentication log, finds such an entry next to the same person's successful login a moment later, and tries it as that account's password (or as root's, if the person is an administrator who reuses it) has a good chance of getting in. Log files should therefore be owned by root, writable only by the logging daemon, and readable only by root and a dedicated log-reading group.

The second kind of log-related attack is covering tracks. Having done their damage, crackers edit or delete the entries in the authentication log and in the wtmp, utmp and lastlog files that record their session before logging out. With the traces gone, nobody can tell who logged into the system under that account or when. The usual countermeasure is to copy log entries as they are written to a separate, hardened log host, so that tampering with the local copy leaves a visible gap.
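The two checks a practitioner would run for the log-readability problem described above, written here as an added example rather than code from the original article: list the log files any user can read, and pull the "Invalid user" entries out of an sshd authentication log, since a rejected name that matches no account is often a password typed into the wrong field. The sample log lines are constructed for the demonstration, not a real capture.

```shell
#!/bin/bash
# Added example, not code from the original article.
# Two checks for the log-file risks described above.

# 1. List regular files under a directory that any user can read
#    (the others-read bit, octal 004, is set). Run as: world_readable_logs /var/log
world_readable_logs() {
    find "$1" -type f -perm -004 2>/dev/null | sort
}

# 2. From an sshd auth log, print each "Invalid user NAME from IP" attempt as
#    "NAME IP". A name that is not an account is frequently a password typed
#    into the login prompt, which is exactly what an attacker reading the log
#    would harvest. Field layout: ... "Invalid" "user" NAME "from" IP "port" N
invalid_user_attempts() {
    awk '/Invalid user/ {
        for (i = 1; i <= NF; i++) if ($i == "user") { print $(i+1), $(i+3); break }
    }' "$1"
}

# Constructed sample log lines (not a real capture) for a stand-alone run.
SAMPLE_AUTH_LOG='Jun 23 10:01:02 host sshd[1201]: Invalid user Summer2010! from 10.0.0.5 port 40120
Jun 23 10:01:09 host sshd[1201]: Failed password for alice from 10.0.0.5 port 40120 ssh2
Jun 23 10:02:30 host sshd[1210]: Invalid user admin from 203.0.113.7 port 51000'

demo() {
    tmp=$(mktemp -d)
    printf '%s\n' "$SAMPLE_AUTH_LOG" > "$tmp/auth.log"
    chmod 644 "$tmp/auth.log"          # world-readable: the misconfiguration
    : > "$tmp/secure"; chmod 600 "$tmp/secure"
    echo "World-readable logs under $tmp:"
    world_readable_logs "$tmp"
    echo "Invalid-user attempts (name, source address):"
    invalid_user_attempts "$tmp/auth.log"
    rm -rf "$tmp"
}

demo
```

On a real system run `world_readable_logs /var/log` and fix anything it prints with `chmod 0640` and a group such as adm; `invalid_user_attempts /var/log/auth.log` (or /var/log/secure on Red Hat style systems) shows what an intruder with read access to that file would have harvested.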

Social Engineering Attacks

When someone breaches your security by posing as a person you know or trust, the attack is known as social engineering. The attacker may phone you claiming to be an employee of your firm, a friend of a friend, or a technician from your ISP who wants to "secure your system", and ask for a password or some other vital piece of information. A single answer is often enough for them. No software protects against this; the only defence is the habit of verifying a caller's identity through an independent channel before disclosing anything.

Exploiting suid and sgid programs

Any program that is setuid or setgid deserves suspicion. Such a program runs with the privileges of the file's owner (setuid) or group (setgid) rather than those of the user who starts it, and when the owner is root it runs as root; because Linux ignores these bits on scripts, they are compiled binaries. The more setuid and setgid programs a system carries, the more ways there are to exploit it, so the inventory should be kept as small as possible and checked regularly. The situation is worse when a setuid program is poorly written. The privileges are raised the moment the program starts; if the programmer forgets to drop them (with setuid() or setgid() back to the real user) before doing something on the user's behalf, such as spawning a shell or running an external command, that shell or command runs as root. A program that behaves this way hands any local user a root shell. According to "Hacking Linux Exposed" by Brian Hatch, wmtv (a video4linux application) had exactly such a problem.

Physical System Attack

Physical attacks by spies are not uncommon. Someone with access to the room where the server sits can simply reboot it and, at the boot loader prompt, start the kernel in single-user mode (or with init=/bin/sh), which on many systems gives a root shell without asking for a password. Console access is root access unless the boot loader and BIOS are password-protected, the case is locked, and single-user mode is configured to demand the root password.

DNS Attacks

DNS (Domain Name System) attacks are also common and count among the more advanced network attacks. We trust whatever IP address a DNS server returns for a domain name. Suppose a cracker exploits a vulnerability in your name server or otherwise takes over your zone file: with a few changes to the zone they can divert all traffic for your domain names to their own machines. Clients then connect to the impostor without anything looking wrong, and you may end up revealing important information such as user names and passwords to the cracker.

Changing Core Programs With Their Own Version

This also happens. Once crackers have broken into your system, they replace your ls and ps commands (and often netstat, login and others) with their own versions: the new ls shows every file except theirs, and the new ps shows every process except the ones they are running. A bundle of such replacements is called a rootkit. Because the replaced tools are the very ones you would use to look for an intruder, the only reliable check is to compare the binaries with a trusted reference: your distribution's package checksums, or a baseline of hashes taken when the system was known to be clean and kept off the machine.
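The setuid/setgid section and the replaced-binary section above both come down to the same practice: record what the system looks like while it is known to be clean, keep that record off the machine, and diff the live system against it later. The following is an added example of that practice, not code from the original article; it uses find for the setuid/setgid inventory and sha256sum for the binary hashes, and demonstrates on a constructed directory tree rather than the real / and /bin so it is safe to run anywhere.

```shell
#!/bin/bash
# Added example, not code from the original article. Two baseline checks:
# which files are privileged, and what the core binaries hash to.

# Inventory setuid/setgid regular files under a directory (default /).
# "-perm -4000" matches the setuid bit, "-perm -2000" the setgid bit;
# -xdev keeps find on one filesystem.
suid_sgid_inventory() {
    find "${1:-/}" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# Compare the current inventory with a saved list. Lines starting with ">"
# are privileged files that were not in the baseline.
suid_sgid_changes() {    # suid_sgid_changes BASELINE_LIST [DIR]
    suid_sgid_inventory "${2:-/}" | diff "$1" -
}

# Record "sha256  path" for each given file.
write_hash_baseline() {  # write_hash_baseline BASELINE_FILE FILE...
    out="$1"; shift
    sha256sum "$@" > "$out"
}

# Re-hash every file in the baseline. Prints CHANGED or MISSING lines and
# returns 1 if anything differs, 0 if the system matches the baseline.
verify_hash_baseline() { # verify_hash_baseline BASELINE_FILE
    status=0
    while read -r expected path; do
        if [ ! -f "$path" ]; then
            echo "MISSING $path"; status=1; continue
        fi
        actual=$(sha256sum "$path" | cut -d' ' -f1)
        if [ "$actual" != "$expected" ]; then
            echo "CHANGED $path"; status=1
        fi
    done < "$1"
    return $status
}

# Stand-alone demonstration on a constructed tree (not the real /bin).
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/bin"
    printf '#!/bin/sh\nexec /bin/ls "$@"\n' > "$tmp/bin/ls"
    printf '#!/bin/sh\nexec /bin/ps "$@"\n' > "$tmp/bin/ps"
    chmod 755 "$tmp/bin/ls"
    chmod 4755 "$tmp/bin/ps"            # pretend ps is setuid root

    # Taken while the system is clean; in real use copy these off the host.
    suid_sgid_inventory "$tmp" > "$tmp/suid.baseline"
    write_hash_baseline "$tmp/hash.baseline" "$tmp/bin/ls" "$tmp/bin/ps"

    # An intruder replaces ls so it hides files, and drops a setuid backdoor.
    printf '#!/bin/sh\nexec /bin/ls "$@" | grep -v hidden\n' > "$tmp/bin/ls"
    cp "$tmp/bin/ps" "$tmp/bin/backdoor"; chmod 4755 "$tmp/bin/backdoor"

    echo "setuid/setgid changes:"
    suid_sgid_changes "$tmp/suid.baseline" "$tmp"
    echo "hash verification:"
    verify_hash_baseline "$tmp/hash.baseline" || echo "baseline mismatch"
    rm -rf "$tmp"
}

demo
```

In real use take the baselines right after installation, store them on a different machine or read-only medium, and run the checks from a known-good copy of the tools (a rescue disk), since a rootkit that replaced ls may have replaced find and sha256sum as well. Distribution package managers offer an equivalent check against vendor checksums (rpm -V, debsums) when the package database itself can be trusted.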

DoS Attacks

DoS attacks are Denial of Service attacks, and the flood attacks discussed here are their commonest form. Automated requests are thrown at your service, a web server for instance. A server that forks a new child process for every request soon exhausts its memory and process table and is brought to its knees in a very short time, especially if it has few resources to begin with. Similar attacks are ping floods and SYN floods, in which the target is swamped with ICMP echo requests or with connection openings that are never completed. They are called denial-of-service attacks because they deny legitimate users the service they came for.
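The visible signature of the SYN flood mentioned above is a pile of half-open connections: sockets stuck in the SYN-RECV state waiting for a final ACK that never arrives. As an added example, not code from the original article, the function below counts SYN-RECV entries per peer address in the output of `ss -tan` and reports the sources above a threshold, so the top offenders can be blocked at the firewall. The sample ss output is constructed for the demonstration.

```shell
#!/bin/bash
# Added example, not from the original article: spot the sources of a SYN
# flood from `ss -tan` output.

# Reads `ss -tan` output on stdin. Prints "COUNT PEER" for every peer with at
# least LIMIT half-open connections, largest first. In ss output column 1 is
# the socket state and column 5 the peer address:port.
syn_recv_sources() {    # syn_recv_sources LIMIT
    awk -v limit="$1" '
        $1 == "SYN-RECV" {
            peer = $5
            sub(/:[^:]*$/, "", peer)      # drop the port; works for "[v6]:port" too
            count[peer]++
        }
        END { for (p in count) if (count[p] >= limit) print count[p], p }
    ' | sort -rn
}

# Constructed sample (not a real capture) in the layout ss -tan prints.
SAMPLE_SS='State    Recv-Q Send-Q Local Address:Port Peer Address:Port
SYN-RECV 0      0      10.0.0.2:80        203.0.113.9:40001
SYN-RECV 0      0      10.0.0.2:80        203.0.113.9:40002
SYN-RECV 0      0      10.0.0.2:80        203.0.113.9:40003
ESTAB    0      0      10.0.0.2:80        198.51.100.4:51000
SYN-RECV 0      0      10.0.0.2:80        198.51.100.4:51001'

# Live use would be:  ss -tan | syn_recv_sources 100
printf '%s\n' "$SAMPLE_SS" | syn_recv_sources 3
```

A handful of SYN-RECV sockets is normal; hundreds from one address, or thousands from many spoofed addresses, is the flood. Blocking individual sources helps only against the former; for spoofed floods the standard defence is the kernel's SYN cookies (net.ipv4.tcp_syncookies), which let the server accept connections without keeping state for each unanswered SYN.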

More is on the way. In the next tutorial I will start with firewalls and carry the security topics further. Keep visiting to read more on Linux security.
