Hands-On Ethical Hacking and Network Defense Second Edition Chapter 8 Desktop and Server OS...
Hands-On Ethical Hacking and Network Defense
Second Edition
Chapter 8
Desktop and Server OS Vulnerabilities
Objectives
• After reading this chapter and completing the exercises, you will be able to:
  – Describe vulnerabilities of Windows and Linux operating systems
  – Identify specific vulnerabilities and explain ways to fix them
  – Explain techniques to harden systems against Windows and Linux vulnerabilities
Hands-On Ethical Hacking and Network Defense, Second Edition 2
Windows OS Vulnerabilities
• Many Windows OSs have serious vulnerabilities
  – Windows 2000 and earlier
    • Administrators must disable, reconfigure, or uninstall services and features
  – Windows XP, Vista, Server 2003, Server 2008, and Windows 7
    • Most services and features are disabled by default
• Good information source:
  – CVE Web site
Table 8-1 Windows Server 2008 vulnerabilities found at CVE
Windows File Systems
• File system
  – Stores and manages information
    • User created
    • OS files needed to boot
  – Most vital part of any OS
    • Can be a vulnerability
File Allocation Table
• Original Microsoft file system
  – Supported by nearly all desktop and server OSs
  – Standard file system for most removable media
    • Other than CDs and DVDs
  – Later versions provide for larger file and disk sizes
• Most serious shortcoming
  – Doesn’t support file-level access control lists (ACLs)
    • Necessary for setting permissions on files
    • Multiuser environment use results in vulnerability
NTFS
• New Technology File System (NTFS)
  – First released as high-end file system
    • Added support for larger files, disk volumes, and ACL file security
• Subsequent Windows versions
  – Included several upgrades
• Alternate data streams (ADSs)
  – Can “stream” (hide) information behind existing files
    • Without affecting function, size, or other information
  – Several detection methods
Remote Procedure Call
• Interprocess communication mechanism
  – Allows a program running on one host to run code on a remote host
• Worm that exploited RPC
  – Conficker worm
• Microsoft Baseline Security Analyzer
  – Determines if system is vulnerable due to an RPC-related issue
NetBIOS
• Software loaded into memory
  – Enables computer program to interact with network resource or device
• NetBIOS isn’t a protocol
  – Interface to a network protocol
• NetBIOS Extended User Interface (NetBEUI)
  – Fast, efficient network protocol
  – Allows NetBIOS packets to be transmitted over TCP/IP
  – NBT is NetBIOS over TCP
NetBIOS (cont’d.)
• Systems running newer Windows OSs
  – Share files and resources without using NetBIOS
• NetBIOS is still used for backward compatibility
  – Budgets don’t allow upgrading
  – Customer expectations must be met
Server Message Block
• Used to share files
  – Usually runs on top of:
    • NetBIOS
    • NetBEUI
    • TCP/IP
• Several hacking tools target SMB
  – L0phtcrack’s SMB Packet Capture utility and SMBRelay
    • It took Microsoft seven years to patch these
Server Message Block (cont’d.)
• SMB2
  – Introduced in Windows Vista
  – Several new features
  – Faster and more efficient
• Windows 7
  – Microsoft avoided reusing code
  – Still allowed backward compatibility
    • Windows XP Mode
Common Internet File System
• Standard protocol
  – Replaced SMB for Windows 2000 Server and later
  – SMB is still used for backward compatibility
• Remote file system protocol
  – Enables sharing of network resources over the Internet
• Relies on other protocols to handle service announcements
  – Notifies users of available resources
Common Internet File System (cont’d.)
• Enhancements
  – Locking features
  – Caching and read-ahead/write-behind
  – Support for fault tolerance
  – Capability to run more efficiently over dial-up
  – Support for anonymous and authenticated access
• Server security methods
  – Share-level security
  – User-level security
Common Internet File System (cont’d.)
• Attackers look for servers designated as domain controllers
  – Servers handle authentication
• Windows Server 2003 and 2008
  – Domain controller uses a global catalog (GC) server
    • Locates resources among many objects
Null Sessions
• Anonymous connection established without credentials
  – Used to display information about users, groups, shares, and password policies
  – Necessary only if networks need to support older Windows versions
• To enumerate NetBIOS vulnerabilities use:
  – Nbtstat, Net view, Netstat, Ping, Pathping, and Telnet commands
Web Services
• IIS installs with critical security vulnerabilities
  – IIS Lockdown Wizard
    • Locks down IIS versions 4.0 and 5.0
• IIS 6.0
  – Installs with a “secure by default” mode
  – Previous versions left crucial security holes
• Keeping a system patched is important
• Configure only needed services
SQL Server
• Many potential vulnerabilities
  – Null System Administrator (SA) password
    • SA access through SA account
    • SA with blank password
  – Gives attackers administrative access
    • Database and database server
Buffer Overflows
• Data is written to a buffer and corrupts data in memory next to allocated buffer
  – Normally, occurs when copying strings of characters from one buffer to another
• Functions don’t verify text fits
  – Attackers run shell code
• C and C++
  – Lack built-in protection against overwriting data in memory
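The copy-without-a-length-check pattern described on this slide, next to a bounded replacement, as an added example that is not from the book. The record layout (an 8-byte name field followed directly by an `is_admin` flag) and all function names are constructed for illustration; both fields live in one array so the overwrite can be observed without undefined behaviour.

```c
#include <stdio.h>
#include <string.h>

/* Constructed layout for illustration: an 8-byte name field followed
   directly by a privilege flag. Both sit in one byte array, so the
   out-of-bounds write below stays inside the array and is safe to run. */
enum { NAME_LEN = 8, FLAG_OFF = 8, REC_LEN = 16 };

typedef struct {
    unsigned char raw[REC_LEN]; /* raw[0..7] = name, raw[8] = is_admin */
} record_t;

void record_init(record_t *r, int is_admin) {
    memset(r->raw, 0, REC_LEN);
    r->raw[FLAG_OFF] = (unsigned char)(is_admin != 0);
}

int record_is_admin(const record_t *r) { return r->raw[FLAG_OFF] != 0; }

/* The pattern from the slide: copy until the terminator and never compare
   the source length with NAME_LEN (what strcpy() does). The REC_LEN cap
   exists only to keep this demonstration inside the array. */
void set_name_unchecked(record_t *r, const char *src) {
    size_t i = 0;
    while (src[i] != '\0' && i < REC_LEN - 1) {
        r->raw[i] = (unsigned char)src[i];
        i++;
    }
    r->raw[i] = '\0';
}

/* Hardened form: measure first, refuse input that does not fit together
   with its terminator, and leave the record untouched on failure. */
int set_name_checked(record_t *r, const char *src) {
    size_t n = 0;
    while (n < NAME_LEN && src[n] != '\0')
        n++;
    if (n == NAME_LEN)
        return -1; /* name plus '\0' needs more than NAME_LEN bytes */
    memcpy(r->raw, src, n + 1);
    return 0;
}

/* Helpers returning the flag value after each kind of copy. */
int flag_after_unchecked(const char *name, int is_admin) {
    record_t r;
    record_init(&r, is_admin);
    set_name_unchecked(&r, name);
    return record_is_admin(&r);
}

int flag_after_checked(const char *name, int is_admin) {
    record_t r;
    record_init(&r, is_admin);
    (void)set_name_checked(&r, name);
    return record_is_admin(&r);
}

int main(void) {
    /* 9 characters: the ninth lands on the flag byte. */
    printf("unchecked, 9 chars: is_admin=%d\n", flag_after_unchecked("AAAAAAAAA", 0));
    /* 8 characters: only the terminator spills, clearing a set flag. */
    printf("unchecked, 8 chars: is_admin=%d\n", flag_after_unchecked("ABCDEFGH", 1));
    printf("checked,   9 chars: is_admin=%d\n", flag_after_checked("AAAAAAAAA", 0));
    return 0;
}
```

The 8-character case is the off-by-one variant: the name itself fits, but its terminator does not, and that single byte is enough to change the adjacent field.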
Passwords and Authentication
• Weakest security link in any network
  – Authorized users
    • Most difficult to secure
    • Relies on people
  – Companies should take steps to address it
Passwords and Authentication (cont’d.)
• Comprehensive password policy is critical
  – Should include:
    • Change regularly
    • Require at least six characters
    • Require complex passwords
    • Passwords can’t be common words, dictionary words, slang, jargon, or dialect
    • Passwords must not be identified with a user
    • Never write it down or store it online or in a file
    • Do not reveal it to anyone
    • Use caution when logging on and limit reuse
Passwords and Authentication (cont’d.)
• Configure domain controllers
  – Enforce password age, length, and complexity
• Password policy aspects that can be enforced:
  – Account lockout threshold
    • Set number of failed attempts before account is disabled temporarily
  – Account lockout duration
    • Set period of time account is locked out after failed logon attempts
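How the enforceable parts of the password policy list and the lockout threshold and duration fit together in code, as an added example that is not from the book or from any Windows component. The six-character minimum comes from the list above; the "3 of 4 character classes" reading of complexity, the threshold of 3, the 900-second duration, the word list, and all names are assumptions made for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MIN_LEN 6            /* "at least six characters", from the list above */
#define MIN_CLASSES 3        /* assumed meaning of "complex": 3 of 4 character classes */
#define LOCKOUT_THRESHOLD 3  /* assumed value: failed attempts before lockout */
#define LOCKOUT_DURATION 900 /* assumed value: seconds an account stays locked */

/* Constructed sample list; a real policy would use a full dictionary. */
static const char *const COMMON_WORDS[] = { "password", "letmein", "qwerty", "welcome" };

enum pw_result { PW_OK, PW_TOO_SHORT, PW_NOT_COMPLEX, PW_COMMON_WORD, PW_HAS_USERNAME };
enum logon_result { LOGON_OK, LOGON_FAILED, LOGON_LOCKED };

struct account { int failures; long locked_until; };

/* Case-insensitive substring test (strcasestr is not standard C). */
static int contains_ci(const char *hay, const char *needle) {
    size_t n = strlen(needle);
    if (n == 0) return 0;
    for (; *hay != '\0'; hay++) {
        size_t i = 0;
        while (i < n && hay[i] != '\0' &&
               tolower((unsigned char)hay[i]) == tolower((unsigned char)needle[i]))
            i++;
        if (i == n) return 1;
    }
    return 0;
}

/* Enforceable rules from the policy list: length, complexity, no common
   words, nothing that identifies the user. */
enum pw_result check_password(const char *user, const char *pw) {
    int lower = 0, upper = 0, digit = 0, other = 0;
    if (strlen(pw) < MIN_LEN) return PW_TOO_SHORT;
    for (const char *p = pw; *p != '\0'; p++) {
        unsigned char c = (unsigned char)*p;
        if (islower(c)) lower = 1;
        else if (isupper(c)) upper = 1;
        else if (isdigit(c)) digit = 1;
        else other = 1;
    }
    if (lower + upper + digit + other < MIN_CLASSES) return PW_NOT_COMPLEX;
    for (size_t i = 0; i < sizeof COMMON_WORDS / sizeof COMMON_WORDS[0]; i++)
        if (contains_ci(pw, COMMON_WORDS[i])) return PW_COMMON_WORD;
    if (contains_ci(pw, user)) return PW_HAS_USERNAME;
    return PW_OK;
}

/* One logon attempt at time `now` (seconds). Reaching the threshold starts
   the lockout; until it expires even the correct password is refused. */
enum logon_result logon(struct account *a, long now, int password_correct) {
    if (now < a->locked_until) return LOGON_LOCKED;
    if (password_correct) {
        a->failures = 0;
        return LOGON_OK;
    }
    if (++a->failures >= LOCKOUT_THRESHOLD) {
        a->locked_until = now + LOCKOUT_DURATION;
        a->failures = 0;
    }
    return LOGON_FAILED;
}

int main(void) {
    struct account acct = { 0, 0 };
    printf("policy(Password1!) = %d\n", check_password("jsmith", "Password1!"));
    for (long t = 0; t < 3; t++)
        printf("t=%ld bad password -> %d\n", t, logon(&acct, t, 0));
    printf("t=10 good password  -> %d\n", logon(&acct, 10, 1));
    printf("t=902 good password -> %d\n", logon(&acct, 902, 1));
    return 0;
}
```

Time is passed in as a parameter so the lockout window can be exercised deterministically; a password that looks complex, such as `Password1!`, is still rejected because it contains a common word.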
Tools for Identifying Vulnerabilities in Windows
• Many tools are available
  – Using more than one is advisable
• Using several tools
  – Helps pinpoint problems more accurately
Built-in Windows Tools
• Microsoft Baseline Security Analyzer (MBSA)
  – Capable of checking for:
    • Patches
    • Security updates
    • Configuration errors
    • Blank or weak passwords
Figure 8-1 Checks available in MBSA
Table 8-2 Checks performed by MBSA in full-scan mode
Table 8-2 Checks performed by MBSA in full-scan mode (cont’d.)
Using MBSA
• System must meet minimum requirements
  – Before installing
• After installing, MBSA can:
  – Scan itself
  – Scan other computers remotely
  – Be scanned remotely
Table 8-3 Minimum system requirements for MBSA
Best Practices for Hardening Windows Systems
• Penetration tester
  – Finds and reports vulnerabilities
• Security tester
  – Finds vulnerabilities
  – Gives recommendations for correcting them
Patching Systems
• Best way to keep systems secure
  – Keep up to date
    • Attackers take advantage of known vulnerabilities
• Options for small networks
  – Accessing Windows Update manually
  – Configure Automatic Updates
• Options for large networks
  – Systems Management Server (SMS)
  – Windows Software Update Service (WSUS)
• Third-party patch management solutions
Antivirus Solutions
• Antivirus solution is essential
  – Small networks
    • Desktop antivirus tool with automatic updates
  – Large networks
    • Require corporate-level solution
• Antivirus tools
  – Almost useless if not updated regularly
Enable Logging and Review Logs Regularly
• Important step for monitoring critical areas
  – Performance
  – Traffic patterns
  – Possible security breaches
• Can have negative impact on performance
• Review regularly
  – Signs of intrusion or problems
• Use log-monitoring tool
Disable Unused Services and Filtering Ports
• Disable unneeded services
• Delete unnecessary applications or scripts
  – Unused applications are invitations for attacks
• Reducing the attack surface
  – Open only what needs to be open, and close everything else
• Filter out unnecessary ports
  – Make sure perimeter routers filter out ports 137 to 139 and 445
Other Security Best Practices
• Other practices include:
  – Use TCP/IP filtering
  – Delete unused scripts and sample applications
  – Delete default hidden shares
  – Use unique naming scheme and passwords
  – Be careful of default permissions
  – Use appropriate packet-filtering techniques
  – Use available tools to assess system security
  – Disable Guest account
Other Security Best Practices (cont’d.)
• Other practices include (cont’d.):
  – Rename default Administrator account
  – Make sure there are no accounts with blank passwords
  – Use Windows group policies
  – Develop a comprehensive security awareness program
  – Keep up with emerging threats
Linux OS Vulnerabilities
• Linux can be made more secure
  – Awareness of vulnerabilities
  – Keep current on new releases and fixes
• Many versions are available
  – Differences ranging from slight to major
• It’s important to understand basics
  – Run control and service configuration
  – Directory structure and file system
  – Basic shell commands and scripting
  – Package management
Samba
• Open-source implementation of CIFS
  – Created in 1992
• Allows sharing resources over a network
  – Security professionals should have basic knowledge of SMB and Samba
    • Many companies have a mixed environment of Windows and *nix systems
• Used to “trick” Windows services into believing *nix resources are Windows resources
Tools for Identifying Linux Vulnerabilities
• CVE Web site
  – Source for discovering possible attacker avenues
Table 8-4 Linux vulnerabilities found at CVE
Tools for Identifying Linux Vulnerabilities (cont’d.)
• OpenVAS can enumerate multiple OSs
  – Security tester using enumeration tools can:
    • Identify a computer on the network by using port scanning and zone transfers
    • Identify the OS by conducting port scanning and enumeration
    • Identify via enumeration any logon accounts and passwords
    • Learn names of shared folders by using enumeration
    • Identify services running
Figure 8-5 Viewing security warning details
Figure 8-6 OpenVAS revealing a security hole resulting from a Firefox vulnerability
Figure 8-7 OpenVAS revealing a security hole resulting from a DHCP client vulnerability
Checking for Trojan Programs
• Most Trojan programs perform one or more of the following:
  – Allow remote administration of attacked system
  – Create a file server on attacked computer
    • Files can be loaded and downloaded
  – Steal passwords from attacked system
    • E-mail them to attacker
  – Log keystrokes
    • E-mail results or store them in a hidden file the attacker can access remotely
Checking for Trojan Programs (cont’d.)
• Linux Trojan programs
  – Sometimes disguised as legitimate programs
  – Contain program code that can wipe out file systems
  – More difficult to detect today
    • Protecting against identified Trojan programs is easier
• Rootkits containing Trojan binary programs
  – More dangerous
  – Attackers hide tools
    • Perform further attacks
    • Have access to backdoor programs
More Countermeasures Against Linux Attacks
• Most critical tasks:
  – User awareness training
  – Keeping current
  – Configuring systems to improve security
User Awareness Training
• Inform users
  – No information should be given to outsiders
    • Knowing OS makes attacks easier
  – Be suspicious of people asking questions
    • Verify who they are talking to
    • Call them back
Keeping Current
• As soon as a vulnerability is discovered and posted
  – OS vendors notify customers
    • Upgrades
    • Patches
  – Installing fixes promptly is essential
• Linux distributions
  – Most have warning methods
Secure Configuration
• Many methods to help prevent intrusion
  – Vulnerability scanners
  – Built-in Linux tools
  – Free benchmark tools
    • Center for Internet Security
  – Security Blanket
    • Trusted Computer Solutions
Summary
• Default installations of Windows OSs
  – Can contain serious vulnerabilities
• Vulnerabilities in Windows file systems
  – Lack of ACL support in FAT
  – Risk of malicious ADSs in NTFS
  – RPC
  – NetBIOS
  – SMB
  – Null sessions
  – Windows Web services and IIS
Summary (cont’d.)
• Microsoft SQL Server
  – Critical SQL vulnerability
    • Null SA password
• Buffer overflow attacks
  – Allow attackers to run arbitrary code
• Users represent a major security vulnerability
  – Create a comprehensive password policy and training program
• Tools are available for discovering Windows vulnerabilities (e.g., MBSA)
Summary (cont’d.)
• Steps to secure systems
  – Keeping systems updated, running antivirus tools, reviewing logs regularly, etc.
• Vulnerabilities of Linux OS
  – Can be discovered with security tools
• Samba
  – Created to address issue of interoperability
• Tools can detect rootkits on Linux systems (e.g., chkrootkit)
• Built-in Linux tools are available for configuring