Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 UNIX Postmortem Mark Henman. 2 Introduction For most system administrators, there is no question that at some point at least one of their systems is.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 UNIX Postmortem Mark Henman. 2 Introduction For most system administrators, there is no question that at some point at least one of their systems is."— Presentation transcript:

1 1 UNIX Postmortem Mark Henman

2 2 Introduction For most system administrators, there is no question that at some point at least one of their systems is going to be hijacked by someone else. This presentation should provide enough information to help an administrator quickly and successfully recover from an attack.

3 3 Discovery Realize that you’ve been hacked Tools Observation

4 4 Realize that you’ve been hacked Crackers use to make themselves known quickly –Web site defacing Today’s crackers hide Hijacked machine market

5 5 Tools seccheck chkrootkit Tripwire Snort Use more than one form of intrusion detection. Watch for intruders inside and out.

6 6 Trust Nothing! Files may have been replaced –Binaries –Shared Libraries –Kernel

7 7 Trust Nothing! Disconnect the Network Shutdown the system Boot from a trusted hard drive Mount compromised file systems without execute permissions

8 8 Examining The System Log Files Changed system executables Shared libraries Viewed files Back doors Other network accessible systems

9 9 System Restoration Backup user data Check for alterations Re-install the Operating System Restore user data

10 10 Follow-up Harden the system against attack Check for abnormal behavior Bring the system back into service Monitor the log files

11 11 Conclusion Don’t panic! Isolate quickly Examine slowly and carefully Protect the system from a repeat attack

12 12 Where to Get More Information www.snort.org www.tripwire.org www.chkrootkit.org www.sans.org

Download ppt "1 UNIX Postmortem Mark Henman. 2 Introduction For most system administrators, there is no question that at some point at least one of their systems is."

Similar presentations

Presented by Nikita Shah 5th IT ( )

Presented by Nikita Shah 5th IT ( )
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Operating system Part four Introduction to computer, 2nd semester, 2010/2011 Mr.Nael Aburas Faculty of Information.

Operating system Part four Introduction to computer, 2nd semester, 2010/2011 Mr.Nael Aburas Faculty of Information.
Introduction to InfoSec – Recitation 13 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)

Introduction to InfoSec – Recitation 13 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
Rootkit Definition A rootkit is a collection of tools (programs) that enable administrator-level access to a computer or computer network. Typically, a.

Rootkit Definition A rootkit is a collection of tools (programs) that enable administrator-level access to a computer or computer network. Typically, a.
Using Nagios for Intrusion detection Miguel Cárdenas Montes Elio Pérez Calle Francisco Javier Rodríguez Calonge.

Using Nagios for Intrusion detection Miguel Cárdenas Montes Elio Pérez Calle Francisco Javier Rodríguez Calonge.
ROOTKIT VIRUS by Himanshu Mishra Points to be covered Introduction History Uses Classification Installation and Cloaking Detection Removal.

ROOTKIT VIRUS by Himanshu Mishra Points to be covered Introduction History Uses Classification Installation and Cloaking Detection Removal.
What is hacking? Taeho Oh

What is hacking? Taeho Oh
Exam ● On May 15, at 10:30am in this room ● Two hour exam ● Open Notes ● Will mostly cover material since Exam 2 ● No, You may not take it early.

Exam ● On May 15, at 10:30am in this room ● Two hour exam ● Open Notes ● Will mostly cover material since Exam 2 ● No, You may not take it early.
EMU/ICT Incident Response Team Firewall Access Session Presenter: IRT TEAM Member.

EMU/ICT Incident Response Team Firewall Access Session Presenter: IRT TEAM Member.
IBM Security Network Protection (XGS)

IBM Security Network Protection (XGS)
Presented by C.SARITHA ( 07R91A0568) INTRUSION DETECTION SYSYTEM.

Presented by C.SARITHA ( 07R91A0568) INTRUSION DETECTION SYSYTEM.
Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.

Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.
Linux Networking and Security Chapter 10 File Security.

Linux Networking and Security Chapter 10 File Security.
Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?

Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?
Cloud Computing How secure is it? Author: Marziyeh Arabnejad Revised/Edited: James Childress April 2014 Tandy School of Computer Science.

Cloud Computing How secure is it? Author: Marziyeh Arabnejad Revised/Edited: James Childress April 2014 Tandy School of Computer Science.
VMM Based Rootkit Detection on Android Class Presentation Pete Bohman, Adam Kunk, Erik Shaw.

VMM Based Rootkit Detection on Android Class Presentation Pete Bohman, Adam Kunk, Erik Shaw.
Stuart Cunningham - Computer Platforms - 2003 COMPUTER PLATFORMS Computer & Network Security & User Support & Training Week 11.

Stuart Cunningham - Computer Platforms COMPUTER PLATFORMS Computer & Network Security & User Support & Training Week 11.
Malicious Code Brian E. Brzezicki. Malicious Code (from Chapter 13 and 11)

Malicious Code Brian E. Brzezicki. Malicious Code (from Chapter 13 and 11)
Prepared By, Mahadir Ahmad. StopBadware makes the Web safer through the prevention, mitigation, and remediation of badware websites. partners include.

Prepared By, Mahadir Ahmad. StopBadware makes the Web safer through the prevention, mitigation, and remediation of badware websites. partners include.

Similar presentations

Ads by Google