World is Welcome To The World of Linux

Journey into the world of linux

How Linux Systems Security is Compromised

Posted on June 23, 2010 by Ganesh Sharma

There was a time when machines were not connected to each other and there was no risk of remote attack. With the advent of networking, attacks on systems became common. Now, as IT systems and networks grow more sophisticated, so does the range of attacks mounted against them.

In this article I discuss the most common types of attacks on Linux systems.

Log Files Related Attacks

For crackers (commonly called hackers), it is much easier to break into your system and gain root access if they can read the system's logs. If log files are readable by normal users, then anyone who gets into the system with an ordinary account can read every log entry. Suppose a user who is a poor typist mistakenly types their password into the user-name field of a login prompt. The failed attempt is logged, and the entry records the "user name" that was tried, which is the password. Anyone who can read that log, and sees the user's real login recorded a few seconds later from the same place, now holds a valid password; if that user is root or can become root, the attacker has the system. The check is simple: files under /var/log should be owned by root and readable only by root and a log-reading group (mode 640 and group adm on Debian-derived systems), never world-readable.

The second type of attack on logs is deleting the traces of what the intruder did before logging out. With the traces removed, nobody can tell that someone else used the account. This is why logs must not be writable by ordinary users, and why it is worth forwarding them to a separate log host or marking them append-only (chattr +a): an intruder who has compromised one machine cannot edit a copy held elsewhere, and cannot truncate an append-only file without first removing the attribute as root.
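The two failure modes above, log files readable by everyone and a password recorded as a mistyped user name, can both be checked from a shell. The script below is an added example written for this page, not code from the original post: it audits a directory for world-readable files and scans sshd entries (the sample lines are constructed for the example) for an "Invalid user" attempt followed by a successful login from the same host, which is the signature of a password typed into the user-name prompt. It assumes GNU find and a POSIX awk, and works on a scratch directory so it needs no root.

```shell
#!/bin/sh
# Added example (not from the original post): audit log permissions and
# spot passwords that leaked into the auth log as mistyped user names.
# The log lines in write_sample_log are constructed for this example.

# Print regular files under $1 whose "other" read bit is set (world-readable).
# Run against /var/log on a real system; it should print nothing.
world_readable_logs() {
    find "$1" -type f -perm -004 2>/dev/null | LC_ALL=C sort
}

# Scan an sshd auth log for "Invalid user X from HOST" followed by a
# successful login from the same HOST. X is then very likely a password the
# real user typed into the user-name prompt. Prints one line per incident:
# HOST  USER-WHO-THEN-LOGGED-IN  CANDIDATE-PASSWORD(S).
# Invalid-user attempts with no later success (scanners) are not reported.
leaked_passwords() {
    awk '
        /Invalid user/ {
            for (i = 1; i <= NF; i++)
                if ($i == "Invalid" && $(i+1) == "user") {
                    pending[$(i+4)] = pending[$(i+4)] " " $(i+2)
                    break
                }
        }
        /Accepted (password|publickey) for/ {
            for (i = 1; i <= NF; i++)
                if ($i == "Accepted") { user = $(i+3); host = $(i+5); break }
            if (host in pending) {
                printf "%s %s%s\n", host, user, pending[host]
                delete pending[host]
            }
        }' "$1"
}

# Constructed sample in /var/log/auth.log format (not a real log).
write_sample_log() {
    cat > "$1" <<'EOF'
Jun 23 10:01:02 srv sshd[1201]: Invalid user hunter2 from 10.0.0.5
Jun 23 10:01:02 srv sshd[1201]: Failed password for invalid user hunter2 from 10.0.0.5 port 50222 ssh2
Jun 23 10:01:09 srv sshd[1203]: Accepted password for alice from 10.0.0.5 port 50223 ssh2
Jun 23 10:05:40 srv sshd[1210]: Invalid user admin from 203.0.113.9
Jun 23 10:05:41 srv sshd[1210]: Failed password for invalid user admin from 203.0.113.9 port 41000 ssh2
Jun 23 10:20:00 srv sshd[1300]: Accepted publickey for bob from 10.0.0.7 port 50300 ssh2
EOF
}

# Demonstration on a scratch directory so it runs without root.
demo_dir=$(mktemp -d)
write_sample_log "$demo_dir/auth.log"
chmod 644 "$demo_dir/auth.log"      # deliberately too open
echo "world-readable log files:"
world_readable_logs "$demo_dir"
echo "possible leaked passwords (host user candidates):"
leaked_passwords "$demo_dir/auth.log"
rm -rf "$demo_dir"
```

On a real system run world_readable_logs /var/log as root; anything it prints should be chmod 640. The leaked-password check reports the host, the user who subsequently logged in, and the candidate string; the right response is to have that user change the password and to tighten the log permissions, since the string has already been written to disk.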

Social Engineering Attacks

When someone breaches your security by posing as a person you know or trust, the attack is known as a social engineering attack. Someone may call you pretending to be an employee of your firm, a friend of a friend, or a technician from your ISP who wants to "secure your system", and ask for some vital piece of information such as a password. That is all they need. No software defence stops this; the only countermeasure is a firm rule that passwords and similar secrets are never given out over the phone or by e-mail, and that unexpected requests are verified through a channel you already know.

Exploiting suid and sgid programs

Any program that is suid or sgid can be dangerous. When run, such a program executes with the permissions of its owner (root, for the classic setuid-root binaries) or of its group, not those of the user who started it. (On Linux the bits only take effect on binary executables; the kernel ignores them on scripts.) So if your Linux system has a lot of suid and sgid programs, the surface for privilege escalation is correspondingly large. The situation becomes even more dangerous when the suid/sgid programs are poorly written. A suid program starts running with elevated privileges; if the programmer forgets to drop them (with setuid()/seteuid() back to the real user) before doing something the user controls, such as opening a file the user names or spawning a shell, that action happens as root. A shell escape in such a program hands the user a root shell. According to "Hacking Linux Exposed" by Brian Hatch, the program wmtv (a video4linux front end) had such a problem. The practical check is to list every set-id file and keep the list as short as you can: find / -xdev -type f -perm /6000.
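To keep the inventory short and to notice when a new set-id binary appears, the following added example (written for this page, not taken from the book or the original post) lists setuid/setgid files and diffs the list against a baseline saved earlier. It assumes GNU find and comm; the demo builds a scratch directory with empty files standing in for binaries, so it runs without root.

```shell
#!/bin/sh
# Added example (not from the original post): inventory setuid/setgid
# files and alert on changes against a saved baseline. The scratch
# directory built in the demo stands in for a real filesystem.

export LC_ALL=C   # so sort and comm agree on collation

# List regular files with the setuid (4000) or setgid (2000) bit under $1.
# On a live system: list_setid / > /var/lib/setid.baseline (as root), and
# keep a copy of that baseline off the machine.
list_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# Compare the current inventory of directory $2 against baseline file $1.
# Prints "+ path" for files that gained a set-id bit since the baseline was
# taken (a dropped-in setuid shell is a classic backdoor) and "- path" for
# files that lost it. comm prefixes its second column with a tab.
setid_diff() {
    list_setid "$2" | comm -3 "$1" - | awk '
        /^\t/ { print "+ " substr($0, 2); next }
               { print "- " $0 }'
}

# Demonstration on a scratch tree.
root=$(mktemp -d)
mkdir "$root/bin"
for f in su ping mount; do : > "$root/bin/$f"; done
chmod 4755 "$root/bin/su" "$root/bin/ping"   # setuid
chmod 2755 "$root/bin/mount"                 # setgid
list_setid "$root" > "$root/baseline"
# Later: an intruder drops a setuid shell, and ping loses its bit.
: > "$root/bin/sh.bak"
chmod 4755 "$root/bin/sh.bak"
chmod 0755 "$root/bin/ping"
echo "changes since baseline:"
setid_diff "$root/baseline" "$root"
rm -rf "$root"
```

Any "+" line that you did not install yourself deserves immediate attention; a "-" line is usually harmless but tells you a package update or an administrator changed a mode.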

Physical System Attack

Physical attacks by spies, or by anyone who can get at the hardware, are not uncommon. Someone with access to the room where the server sits can simply reboot it, interrupt the boot loader, and start the system in single-user mode (or pass init=/bin/sh on the kernel command line), which gives them a root shell without a password. The countermeasures are to lock the server room, set a BIOS password and disable booting from removable media, password-protect the boot loader so that kernel parameters cannot be edited, and configure single-user mode to ask for the root password (sulogin). None of these protects against someone who removes the disk and reads it on another machine; only full-disk encryption does that.

DNS Attacks

DNS (Domain Name System) attacks are also common and are a more advanced kind of network attack. We trust whatever IP address a DNS server returns for a domain name. Now suppose a cracker exploits some vulnerability in your DNS server and ends up owning your zone file. By changing a few records in the zone file they can divert all traffic for your domain names to their own networks and machines. Users who then connect to what they believe is your server may reveal all of their important information, such as user names and passwords, to the cracker. The same effect can be achieved by poisoning a recursive resolver's cache, so the zone file is not the only target. Checks: keep zone files writable only by the name server's own account, compare what a public resolver returns against your authoritative server (dig @your-name-server versus dig @a-public-resolver for the same name), and sign the zone with DNSSEC so that tampered answers fail validation.

Changing Core Programs With Their Own Version

This also happens. Suppose a cracker has broken into your system. They replace your ls and ps commands with their own versions (a rootkit), so that you see all files except theirs and all processes except the ones they run. Because the replaced tools are the very ones you would use to look, the compromise is invisible from inside the system. The checks are to verify the binaries against a trusted source (the package manager's checksums, e.g. rpm -V or debsums, or a baseline of hashes you recorded earlier and stored off the machine) and to cross-check the kernel's own view of the processes under /proc against what ps reports.
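Both checks as an added example (written for this page, not the original post's code): a hash baseline of the binaries most often replaced, verified with GNU sha256sum, and a comparison of the PIDs in /proc against the PIDs ps reports. The file names and PID lists in the demo are constructed; the live_hidden_pids function reads the real /proc and ps of whatever machine it runs on.

```shell
#!/bin/sh
# Added example (not from the original post): two checks against a
# trojaned ls/ps. (1) hash the binaries an intruder usually replaces and
# verify them later against a copy of the hashes kept off the machine;
# (2) compare the kernel's process list in /proc with what ps reports.
# File names in the demo are scratch files, not real system binaries.

# Record SHA-256 hashes of the given files into $1 (GNU coreutils sha256sum).
# Store the result where the intruder cannot edit it, e.g. read-only media.
record_hashes() {
    out=$1; shift
    sha256sum "$@" > "$out"
}

# Re-hash and report mismatches: prints "path: FAILED" for each changed
# file and returns non-zero if anything changed.
verify_hashes() {
    sha256sum -c --quiet "$1"
}

# Given two space-separated PID lists, print PIDs present in the first
# (what /proc shows) but absent from the second (what ps reports).
hidden_pids() {
    awk -v seen="$1" -v reported="$2" 'BEGIN {
        n = split(reported, r, " ")
        for (i = 1; i <= n; i++) known[r[i]] = 1
        m = split(seen, s, " ")
        for (i = 1; i <= m; i++) if (!(s[i] in known)) print s[i]
    }'
}

# Live version. A trojaned ps omits the intruder's processes, but cannot
# remove their /proc entries without a kernel-level rootkit. Processes that
# start or exit between the two snapshots are re-checked to avoid noise.
live_hidden_pids() {
    reported=$(ps -e -o pid= | tr -s ' \n' ' ')
    seen=$(ls /proc | grep '^[0-9][0-9]*$' | tr '\n' ' ')
    for pid in $(hidden_pids "$seen" "$reported"); do
        if [ -d "/proc/$pid" ] && ! ps -p "$pid" >/dev/null 2>&1; then
            echo "$pid"
        fi
    done
}

# Demonstration with scratch files and constructed PID lists.
d=$(mktemp -d)
printf 'ls binary\n' > "$d/ls"
printf 'ps binary\n' > "$d/ps"
record_hashes "$d/hashes" "$d/ls" "$d/ps"
printf 'trojaned ls\n' > "$d/ls"          # simulate the replacement
verify_hashes "$d/hashes" || echo "a binary changed since the baseline"
echo "PIDs in /proc but not in ps (constructed lists):"
hidden_pids "1 2 3 4 5" "1 2 3 5"
echo "live check on this machine:"
live_hidden_pids
rm -rf "$d"
```

Run the hash check from a boot medium you trust, with the hash file on that medium: a rootkit that has replaced sha256sum itself will happily report that everything is fine.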

DoS Attacks

DoS attacks are Denial of Service attacks, also known as network flood attacks. Typically a large number of automated requests are made to one of your services, for example the web server. A forking web server starts a new child process (or ties up an existing one) for each connection, so it soon hits its process or memory limit and is brought to its knees, especially on a machine with few resources. Ping floods and SYN floods are attacks of the same kind at the network layer. They are called DoS attacks because they deny legitimate users the service they want. Mitigations: enable SYN cookies (net.ipv4.tcp_syncookies = 1), cap the number of server children, rate-limit per source address in the firewall, and watch the logs for a single address making an abnormal number of requests.
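As an added example (not from the original post), the script below finds client addresses that make an abnormal number of requests within one minute in a combined-format web access log, and reports the state of the kernel's SYN-cookie setting. The log lines are constructed; the threshold is a parameter because a sensible value depends on the site.

```shell
#!/bin/sh
# Added example (not from the original post): find clients that hammer the
# web server, from a combined-format access log, and report whether the
# kernel's SYN-flood defence is on. The log lines below are constructed.

# Count requests per (client address, minute) and print every pair that
# reaches $2 requests, as "COUNT ADDRESS MINUTE", highest count first.
# Field 4 of a combined log line is "[23/Jun/2010:10:01:02"; characters
# 2-18 of it give the minute.
flood_candidates() {
    awk -v max="$2" '
        { n[$1 " " substr($4, 2, 17)]++ }
        END { for (k in n) if (n[k] >= max) print n[k], k }' "$1" | sort -rn
}

# SYN cookies let the kernel answer SYN floods without keeping state for
# every half-open connection. Prints 1 (on), 0 (off) or "unknown".
syncookies_status() {
    if [ -r /proc/sys/net/ipv4/tcp_syncookies ]; then
        cat /proc/sys/net/ipv4/tcp_syncookies
    else
        echo unknown
    fi
}

# Constructed access log: 10.0.0.9 fires eight requests in one minute,
# the other clients behave normally.
write_sample_access_log() {
    cat > "$1" <<'EOF'
10.0.0.9 - - [23/Jun/2010:10:01:02 +0530] "GET / HTTP/1.0" 200 612 "-" "-"
10.0.0.9 - - [23/Jun/2010:10:01:02 +0530] "GET / HTTP/1.0" 200 612 "-" "-"
10.0.0.9 - - [23/Jun/2010:10:01:03 +0530] "GET / HTTP/1.0" 200 612 "-" "-"
10.0.0.9 - - [23/Jun/2010:10:01:03 +0530] "GET / HTTP/1.0" 200 612 "-" "-"
10.0.0.4 - - [23/Jun/2010:10:01:05 +0530] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
10.0.0.9 - - [23/Jun/2010:10:01:04 +0530] "GET / HTTP/1.0" 200 612 "-" "-"
10.0.0.9 - - [23/Jun/2010:10:01:04 +0530] "GET / HTTP/1.0" 200 612 "-" "-"
198.51.100.7 - - [23/Jun/2010:10:01:30 +0530] "GET /about HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
10.0.0.9 - - [23/Jun/2010:10:01:05 +0530] "GET / HTTP/1.0" 200 612 "-" "-"
10.0.0.9 - - [23/Jun/2010:10:01:05 +0530] "GET / HTTP/1.0" 200 612 "-" "-"
10.0.0.4 - - [23/Jun/2010:10:02:11 +0530] "GET /style.css HTTP/1.1" 200 300 "-" "Mozilla/5.0"
EOF
}

# Demonstration.
d=$(mktemp -d)
write_sample_access_log "$d/access.log"
echo "clients with at least 5 requests in one minute:"
flood_candidates "$d/access.log" 5
echo "net.ipv4.tcp_syncookies: $(syncookies_status)"
rm -rf "$d"
```

A single address well above the threshold is a candidate for a firewall rule; a flood spread across many addresses (a distributed attack) will not show up this way and has to be handled upstream of the server.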

More is on the way. In the next tutorial I'll start a discussion of firewalls to carry the security topics further. Keep visiting to read more on Linux security.
