Fundamentals of Computer Security
Hacks & Counterhacks
CSCI 379 Fundamentals of Computer Security
Anatomy of a Hack
• Footprinting
• Scanning
• Enumeration
• Gaining Access
• Escalating Privilege
• Pilfering
• Covering Tracks
• Creating Backdoors
• Denial of Service
Footprinting
Goals:
• Determine the address range of targets.
• Namespace acquisition.
• Information gathering.
Tools:
• dig, nslookup, search engines, USENet, Sam Spade.
DNS Zone Transfer
This is really easy to carry out and needs only nslookup.

> nslookup
Default Server: ns1.example.net
Address: 10.10.20.2
> 216.182.1.1
Server: ns1.example.net
Address: 10.10.20.2
Name: gate.tellurian.net
Address: 216.182.1.1
> set type=any
> ls -d tellurian.net. >> /tmp/zone_out
DNS Security
Goal: Reduce the amount of information about your system that DNS can put on the Internet.
Countermeasures:
• Restrict zone transfers to authorized servers.
• Use the allow-transfer directive in named.conf.
• Firewall configuration: lookup requests are UDP, zone transfers are TCP => deny all TCP connections on port 53.
• Note that these measures only slow down target acquisition; they do not make it impossible.
Scanning
Goal: Identify entry points for the intrusion (UDP and TCP services running); identify the operating system.
Techniques:
• Ping sweeps.
• Port scans.
Tools:
• icmpquery, http://packetstormsecurity.org/UNIX/scanners/
• nmap, http://www.insecure.org/nmap
Ping Sweep Countermeasures
• Detection: Log incoming ICMP traffic; use a NIDS tool like snort (http://www.snort.org).
• Prevention: Filter incoming ICMP traffic at a firewall.
Port Scanning
Goal: Determine what UDP and TCP ports are actively listening for requests. This allows one to determine what operating system and applications are running. A future attack can use this information to match the system specs against known exploits.
Tools:
• nmap
• netcat (http://rpmfind.net)
Port Scanning Countermeasures
Detection: Port scans can cause activity to be recorded in system logs. Reading logs periodically may reveal scanning activity. NIDS like snort can issue warnings regarding port scans.
Prevention: Carefully study the list of running services on a host and disable all services that are not necessary.
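Both the ping sweep detection above and the port scan detection here come down to reading the firewall log for one source touching many hosts or many ports. The following is an added example, not part of the course slides: a small Python detector run over constructed netfilter-style LOG lines (the KEY=value fields follow the netfilter LOG format; the thresholds, addresses and sample lines are assumptions made for the example).

```python
"""Flag ping sweeps and port scans in netfilter-style firewall log lines."""
import re
from collections import defaultdict

FIELD_RE = re.compile(r"(\w+)=(\S*)")
# Thresholds are assumptions for this example; tune them to the monitored network.
SWEEP_HOSTS = 3   # distinct hosts one source sends ICMP echo requests to
SCAN_PORTS = 5    # distinct TCP ports one source sends SYNs to on one host

def parse_line(line):
    """Parse KEY=value fields of an iptables LOG line; None for unrelated lines."""
    if "SRC=" not in line or "DST=" not in line:
        return None
    fields = dict(FIELD_RE.findall(line))
    fields["SYN"] = re.search(r"\bSYN\b", line) is not None  # bare flag token
    return fields

def detect(lines):
    """Return {'sweeps': {src: n_hosts}, 'scans': {(src, dst): n_ports}}."""
    echo_targets = defaultdict(set)   # src -> hosts sent an echo request (TYPE=8)
    syn_ports = defaultdict(set)      # (src, dst) -> TCP ports that received a SYN
    for line in lines:
        f = parse_line(line)
        if f is None:
            continue
        if f.get("PROTO") == "ICMP" and f.get("TYPE") == "8":
            echo_targets[f["SRC"]].add(f["DST"])
        elif f.get("PROTO") == "TCP" and f["SYN"] and "DPT" in f:
            syn_ports[(f["SRC"], f["DST"])].add(f["DPT"])
    sweeps = {s: len(h) for s, h in echo_targets.items() if len(h) >= SWEEP_HOSTS}
    scans = {k: len(p) for k, p in syn_ports.items() if len(p) >= SCAN_PORTS}
    return {"sweeps": sweeps, "scans": scans}

# Constructed sample log (RFC 5737 documentation addresses, not real hosts).
SAMPLE_LOG = [
    "kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=ICMP TYPE=8 CODE=0",
    "kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.11 PROTO=ICMP TYPE=8 CODE=0",
    "kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.12 PROTO=ICMP TYPE=8 CODE=0",
    "kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.5 PROTO=ICMP TYPE=0 CODE=0",  # reply, ignored
] + [
    f"kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT={p} SYN URGP=0"
    for p in (21, 22, 23, 25, 80)
] + [
    "kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=443 SYN URGP=0",
    "sshd[812]: Accepted publickey for alice from 198.51.100.7 port 51002",
]

if __name__ == "__main__":
    for kind, hits in detect(SAMPLE_LOG).items():
        print(kind, hits)
```

The benign host (one echo request, one SYN to 443) stays below both thresholds, while the sweeping and scanning source is reported once per behaviour rather than once per packet.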
Automated Discovery Tools
• Cheops, http://www.marko.net/cheops/
• Tkined, http://wwwhome.cs.utwente.nl/~schoenw/scotty
Enumeration
Goal: Probe the identified services for well-known weaknesses. This involves active connections to systems and directed queries, which will probably be logged.
Techniques:
• Banner grabbing (uses telnet and netcat to specific ports).