CIS 450 – Network Security Chapter 15 – Preserving Access.

Backdoor – a way for an attacker to get back into a network or system without being detected

Common ways to install backdoors
 By opening a port and using a listening agent
   Vision Port Scanner
   Netcat
   Tini – When I went to download the file I received a message from my virus scanner that the .exe file has a virus which was cured
 Through the use of a Trojan program
   Contains overt and covert programs
   QAZ

Rootkits – What is it
 Trojanize key system files on the operating system

File-Level Rootkits
 The legitimate program is replaced with the Trojan version
 The legitimate program becomes the overt program and the backdoor becomes the covert function
 Programs replaced are the ones that a UNIX administrator would use – page 548
 Attacker can get back into the system and hide his tracks
 Operate at the application (user) level
 Defending against: file-level rootkits can be discovered by looking for changes in binary programs
   Tripwire
   AIDE
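How an integrity checker such as Tripwire or AIDE catches a file-level rootkit, as an added example that is not from the slides or from either tool: it records a content hash plus mode, owner and size for each watched binary and later reports which recorded fields differ. The temp directory, the fake ls/ps "binaries" and the baseline.json name are constructed for the demo; as the next slide notes, a kernel-level rootkit that lies to the checker's reads defeats this approach.

```python
"""Added example (not from the slides): a minimal file-integrity
baseline/check in the spirit of Tripwire and AIDE."""
import hashlib
import json
import os
import stat
import tempfile

def fingerprint(path):
    """Hash file content and record the attributes a Trojanized binary changes."""
    st = os.stat(path)
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return {"sha256": h.hexdigest(), "mode": stat.S_IMODE(st.st_mode),
            "uid": st.st_uid, "size": st.st_size}

def build_baseline(paths, baseline_file):
    """Record fingerprints of the watched binaries (run once on a known-clean host)."""
    db = {p: fingerprint(p) for p in paths}
    with open(baseline_file, "w") as f:
        json.dump(db, f)
    return db

def check_integrity(baseline_file):
    """Compare current state with the baseline; return {path: [changed fields]}."""
    with open(baseline_file) as f:
        db = json.load(f)
    findings = {}
    for path, expected in db.items():
        if not os.path.exists(path):
            findings[path] = ["missing"]
            continue
        current = fingerprint(path)
        changed = [k for k in expected if current[k] != expected[k]]
        if changed:
            findings[path] = changed
    return findings

def demo():
    """Constructed scenario: baseline two fake binaries, then alter one of them."""
    d = tempfile.mkdtemp()
    ls, ps = os.path.join(d, "ls"), os.path.join(d, "ps")
    for p in (ls, ps):
        with open(p, "wb") as f:
            f.write(b"#!/bin/sh\necho legit " + os.path.basename(p).encode() + b"\n")
    base = os.path.join(d, "baseline.json")
    build_baseline([ls, ps], base)
    with open(ps, "ab") as f:      # simulate ps being replaced with a Trojan version
        f.write(b"# covert function\n")
    os.chmod(ps, 0o755)            # and its permission bits being changed
    return check_integrity(base)   # reports only ps, with the fields that differ
```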

Rootkits – Kernel-Level Rootkits
 Operate at the kernel (operating system) level
 By altering the heart of the operating system, kernel-level rootkits enable attackers to create a system that appears normal to users and administrators. In reality, the underlying kernel is riddled with attacker modifications, all masked by the manipulated kernel.
 Kernel-level rootkits usually include the ability to redirect system calls, so when a user wants to run one program – say, ps, netstat or ifconfig – a Trojanized version is executed.
 These tools can also hide processes, files, sniffer usage and network port usage by altering the kernel so that it "lies" to you.
 Attackers are using numerous kernel-level rootkits for Linux, Solaris and Windows, among others.

Rootkits – Kernel-level rootkits (continued)

Defending Against
 Techniques used to defend against file-level rootkits don't work as well on a system with a kernel-level rootkit, as all requests for information go through the rotten kernel itself
 While AIDE may show you that your login binary is intact, the kernel-level rootkit redirects execution to the attacker's backdoor
 Defeating kernel-level rootkits requires hardening the kernels of critical systems
   Saint Jude Project – monitors the integrity of a Linux kernel by looking for modifications of the system call table
   Can deploy machines with monolithic kernels, created by building a kernel that doesn't support loadable kernel modules
 Hardening the kernel itself
   Pittbull
   Hardened versions of Unix and Unix-like OSes such as SELinux and Sun Microsystems Trusted Solaris include additional kernel protections
 Note: Kernel-hardening solutions can be unwieldy if widely deployed, because they alter the fundamental operation of the kernel, complicating system administration and possibly breaking third-party tools

UNIX Rootkits

File-level Rootkits
 TrojanIT
 Lrk5
 Ark
 Rootkit (This has a Trojan embedded in it, received message from anti-virus software even though I did not download it or open it)
 Tk

Kernel-level rootkits
 Knark

Wrappers
 A tool that combines two or more files into a single file, usually for the purpose of hiding one of them
 Examples
   SilkRope
   Saran Wrap