1 / 14

Overview of Unix

Overview of Unix. Jagdish S. Gangolly School of Business State University of New York at Albany

richard_edik
Download Presentation

Overview of Unix

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Overview of Unix Jagdish S. Gangolly School of Business State University of New York at Albany NOTE: These notes are based on the book Counter Hack, by Ed Skoudis and are prepared solely for the students in the course Acc 661 at SUNY Albany. They are not to be used by others without the permission of the instructor. Acc 661 Auditing of Adv Acctg Systems (Spring 2003) Gangolly

  2. Overview of Unix • Architecture • File System Structure • Kernel and processes • Account groups Acc 661 Auditing of Adv Acctg Systems (Spring 2003) Gangolly

  3. Architecture: File System Structure • Hierarchical / Bin dev etc home lib mnt proc tmp usr var passwd group bin man sbin Acc 661 Auditing of Adv Acctg Systems (Spring 2003) Gangolly

  4. Architecture: Kernel & Processes I • CPU can run at most one program at a time • Kernel schedules processes, allocates and manages memory, and prevents one process from accessing memory belonging to other processes • Daemons (background processes) perform print spooling, network services, file-sharing, web access, remote management capabilities, etc. Acc 661 Auditing of Adv Acctg Systems (Spring 2003) Gangolly

  5. Architecture: Kernel & Processes II • Automatically starting processes: • Init: parent of all user-level processes (/etc/init.d) • Httpd (port 80), Sendmail (port 25), NFS • Inetd (/etc/inetd.conf) • Echo, Chargen, FTPd, Telnetd, Shell, login, TFTP • Cron • Vulnerability: • Use of inetd.conf to create attack relays 11111 stream tcp nowait nobody /usr/sbin/tcpd /usr/bin/nc [next_hop] 54321 Acc 661 Auditing of Adv Acctg Systems (Spring 2003) Gangolly

  6. Architecture: Kernel & Processes III • Vulnerability: Create a backdoor using Inetd • Overflow a buffer in a program running with root level privileges • Run a shell command to insert a line into the inetd.conf file (the line sets up a high order tcp port, running as root a command shell to execute any commands received) • Killall command sends an HUP signal to Inetd process, making it reread the configuration file Acc 661 Auditing of Adv Acctg Systems (Spring 2003) Gangolly

  7. Accounts and Groups • /etc/passwd • Login name, encrypted/hashed password, UID number, default GID number, GECOS information, home directory, login shell • Vulnerability: Password attacks • Guessing, login scripts, L0phtCrack (win), John the Ripper • /etc/group • Unix permissions • SetUID Acc 661 Auditing of Adv Acctg Systems (Spring 2003) Gangolly

  8. Miscellaneous • Unix trust • /etc/hosts.equiv • .rhosts • R-commands • rlogin, rsh, rcp, … • Vulnerable to IP-spoofing • Logs and auditing • /var/log/secure • /var/log/messages • /var/log/httpd, /var/log/cron,… Acc 661 Auditing of Adv Acctg Systems (Spring 2003) Gangolly

  9. Miscellaneous • utmp – who • wtmp – last • lastlog – time of user’s last login Acc 661 Auditing of Adv Acctg Systems (Spring 2003) Gangolly

  10. Windows 2000 • Domains: share authentication database • Primary Domain Controller (PDC) • Backup Domain Controller (BDC) • SAM database • Shares: remote connections to network devices • Service packs and hotfixes Acc 661 Auditing of Adv Acctg Systems (Spring 2003) Gangolly

  11. Windows 2000: Architecture • User Mode • Kernel Mode • Executive Subsystems • Hardware Abstraction Layer • Accounts and groups • Default accounts (Administrator, Guest) • Created by administrator • Groups: Global and local Acc 661 Auditing of Adv Acctg Systems (Spring 2003) Gangolly

  12. Windows 2000: Architecture II • Privileges: Administrators, users, guests • Rights: things users can do that can be added or revoked • Abilities: built-in capabilities of groups that can not be altered • Policies: • Account policy • User properties settings • Trust: No trust, Complete trust, Master domain, Multiple master domain Acc 661 Auditing of Adv Acctg Systems (Spring 2003) Gangolly

  13. Windows 2000: Architecture III • Auditing • System Logging • Security Logging: logons/logoffs, files/object access, use of rights,… • Application Logging • Object access control and permissions • Ownership • NTFS permissions: No access, Read, Change, Full control • Share permissions Acc 661 Auditing of Adv Acctg Systems (Spring 2003) Gangolly

  14. Windows 2000: Architecture III Acc 661 Auditing of Adv Acctg Systems (Spring 2003) Gangolly

More Related