11/02/2000, HEPiX-HEPNT 2000, Jefferson Lab. Unix/Linux Security Update, Bob Cowles, November 2, 2000.

Presentation transcript:

Unix/Linux Security Update
Bob Cowles
November 2, 2000

Outline
Intro
Format String
Buffer Overflows
Symlink following
Specials
Conclusions

Intro (1/3)
Microsoft Security Bulletins – – – mos37 – mos82

Intro (2/3)
DDoS is still a problem
  – Often placed on compromised machines
  – Selection of clients is improving (!)
AES selection is complete
  – Rijndael selected
  – Expected to be good in mobile, low-power platforms
Microsoft break-in comments

Intro (3/3)
Hacked web servers 10/31, courtesy of attrition.org

Format String
Affects all Unix/Linux systems
Started with QPOPPER in May
We haven’t seen the end
Latest is ypbind
Severe in LOCALE subsystem and environment variable passing of telnet

Format String Alerts (1/2)
May
  – QPOPPER
June
  – Various ftpd
July
  – BitchX IRC client
  – rpc.statd (nfsutils)
August
  – gnu mailman
  – NAI net tools PKI server
August (cont)
  – IRIX telnetd
  – xlock
September
  – Locale subsystem
  – screen
  – klogd
  – KDE kvt
  – LPRng
  – lpr
  – SCO help http server

Format String Alerts (2/2)
October
  – Cfengine
  – eeprom in BSD, libutil, fstat
  – BSD telnet (remote)
  – PHP error logging
  – ypbind

Buffer Overflows
April
  – Solaris ufsrestore
  – Solaris lp/lpstat/lpset
May
  – netpr
  – kerb4 and kerb5 in compatibility mode
      Remote exploits for klogin, ksu, krshd
September
  – Pine remote exploit using From: line
October
  – Dump
  – Tcpdump

Symlink Following
Mgetty / faxrund
  – Creates .last_run in world-writable directory
  – Follows symlinks allowing …
      File creation anywhere
      File smashing
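The weak and hardened ways to write a marker file such as .last_run where other users can plant a symlink, as an added example (not from the slides and not mgetty code). The function names and the /tmp/symdemo paths are constructed for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* O_NOFOLLOW, mkdtemp */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak: follows a planted symlink and truncates or creates its target. */
static int write_marker_weak(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd < 0) return -1;
    int ok = write(fd, "run\n", 4) == 4;
    return close(fd) == 0 && ok ? 0 : -1;
}

/* Hardened: refuse a symlink in the final path component, then check that
 * the opened object is a regular file with one name before touching it. */
static int write_marker_safe(const char *path) {
    struct stat st;
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;                    /* ELOOP if path is a symlink */
    int ok = fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && st.st_nlink == 1
          && ftruncate(fd, 0) == 0 && write(fd, "run\n", 4) == 4;
    return close(fd) == 0 && ok ? 0 : -1;
}

/* Constructed demo: plant dir/.last_run -> dir/victim, run the writer,
 * return 1 if the victim file was overwritten, 0 if it is intact. */
static int victim_smashed(int (*writer)(const char *)) {
    char dir[] = "/tmp/symdemoXXXXXX", lnk[64], victim[64], buf[4];
    size_t n = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(lnk, sizeof lnk, "%s/.last_run", dir);
    snprintf(victim, sizeof victim, "%s/victim", dir);
    FILE *f = fopen(victim, "w");
    if (!f) return -1;
    fputs("keep", f); fclose(f);
    if (symlink(victim, lnk) != 0) return -1;
    writer(lnk);
    if ((f = fopen(victim, "r"))) { n = fread(buf, 1, 4, f); fclose(f); }
    unlink(lnk); unlink(victim); rmdir(dir);
    return n != 4 || memcmp(buf, "keep", 4) != 0;
}

int main(void) {
    printf("weak: %d  safe: %d\n", victim_smashed(write_marker_weak), victim_smashed(write_marker_safe));
    return 0; }
```

O_NOFOLLOW only guards the final path component; keeping such state files out of world-writable directories avoids the problem at its source.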

Specials
Cisco
Linux capabilities
Cross site scripting
PGP
Netscape
RSA
Sun key compromise

Cisco
04/19 Access to priv mode in Catalyst switch (fix 5.4(2))
04/20 IOS reload when telnetd port is scanned
05/15 Router crash with httpd enabled %

Linux Capabilities
Capabilities available in release 2.2.x
Fine-grain privilege setting
Inherited from parent process
Can prevent suid program dropping root
Exploits used sendmail and procmail
Temporary fix from CERN
Current fix is to require

Cross Site Scripting
Problem inherent in browser/server design
Fix is up to proper application design by web developers
Can be used to steal cookies or read/write local files
09/07 E*Trade user names and passwords are remotely recoverable

PGP
Affects version 4 of PGP public keys
  – Mostly Diffie-Hellman
  – Additional decryption keys
Part of public key not covered by encrypted checksum – allows insertion of additional, unauthorized decryption keys
Primary issue is one of confidence in PGP

Netscape
SSL certification validation code error
  – Happens if host name mismatch
  – No further validation for future use of certificate
Brown Orifice httpd
  – Delivered in a number of modes
  – Advertised itself as compromised
  – Fix forced upgrade to 4.75

RSA
09/06 Code was released to public domain 2 weeks prior to patent expiration
Expect a greater volume of encryption products to be released over the next year

SUN Certificate Compromise
Web server certificate compromised
First admitted case for major vendor
ate_howto.html to determine if certificate has been accepted

IIS Unicode
Not UNIX, but very important; allows remote execution of commands (cmd, tftp)
Other Unicode exploits are likely in other programs needing to edit input data
Difficult to remove all “dangerous” characters – too many ways to represent them

Recommendations
Leverage security concerns to gain control of OS configurations
  – Security is not a part of the service organization
Limit visibility of complex protocols
  – Block if possible, otherwise allow only “well maintained” servers
  – HTTP and XML are going to have many more security issues

Questions?