
Unit 4 – Unix and Forensics -GP

March 19, 2016 | Author: | Posted in internet, technology

While most computer system break-ins occur because of weak passwords, there are also several advanced techniques for breaking in. Individuals who perform these break-ins do not do so randomly – they usually have a specific purpose in mind.

Sys admins are often unaware of the more exotic vulnerabilities of their system. When assessing the security of a site, network services such as finger, showmount and rpcinfo are useful. Some of the techniques shown here often leave traces in system logs, so it might be useful to scour these as well.


The finger command gives information about a specified user, such as whether he is logged in or not. Finger is one of the most dangerous services, because it is very useful in obtaining information about a potential target. Another hole in the system that can be uncovered with the finger command is the existence of an ftp account, which usually means that anonymous ftp is enabled. It is not unusual for anonymous ftp to be misconfigured, and this can mean an easy way to break in to a system, whereby someone can execute remote commands.

The showmount command is used to query the state of the NFS server on a remote host. When no options are included, a list of clients mounting from that host is printed.

The mount command mainly serves to attach the file system found on some device to the file hierarchy. The mount command can also be used to list all mounted file systems.

The echo command prints the argument given. It can receive environment variables as arguments and print the actual value of the variable, hence this is useful for determining some standard locations or names that might be useful to a hacker.

The rlogin command creates a remote login session to a specific machine. A username can be specified with the -l option.

The whoami command displays the name of the currently logged-in user

The rsh command creates a remote shell on a (remote) host, whereby a remotely logged in user can issue commands.

The rpcinfo command prints Remote Procedure Call (RPC) information. Since the RPC protocol allows transparent remote subroutine calling (where a program on one computer can call a subroutine without explicit programming of the process by the programmer), this also poses a security risk.

The ypwhich command shows which NIS server is used. NIS means Network Information Service. It centralizes service of passwords through NIS servers. Someone who exploits holes in NIS can get more passwords.

The xhost command is used to add and delete computers or users to the list allowed to make connections to the X server, which handles all access to the graphics cards, display screens and input devices (typically a keyboard and mouse) on those computers.

The telnet command is used to create a connection to a remote system, allowing an individual to log in as a regular user.

Protecting the system

Some key directives to remember for system security are

The finger service should be turned off if it is not…
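
As an added example (not part of the original essay), the shell functions below check an inetd.conf-style file for the services discussed above (finger, rsh, rlogin, telnet, ftp) and a passwd-format file for an ftp account. That the services are started from inetd, the function names and the sample files are all assumptions made for illustration.

```sh
# Added example (not from the original essay): flag legacy services that are
# still enabled in an inetd.conf-style file, plus a local "ftp" account.
# inetd.conf fields: service socket-type protocol wait-flag user program [args]
# /etc/services names: rsh is "shell", rlogin is "login".
LEGACY_SERVICES="finger shell login telnet ftp"

# Print each enabled legacy service once; comment and short lines are skipped.
enabled_legacy_services() {
    awk -v wanted="$LEGACY_SERVICES" '
        BEGIN { n = split(wanted, w, " "); for (i = 1; i <= n; i++) legacy[w[i]] = 1 }
        /^[ \t]*#/ || NF < 6 { next }
        ($1 in legacy) { print $1 }
    ' "$1" | sort -u
}

# Succeed if the passwd-format file has an "ftp" user (hint of anonymous ftp).
has_ftp_account() {
    awk -F: '$1 == "ftp" { found = 1 } END { exit !found }' "$1"
}

# audit INETD_CONF PASSWD: print findings, return 1 if there are any.
audit() {
    status=0
    for svc in $(enabled_legacy_services "$1"); do
        echo "ENABLED: $svc in $1 (comment the line out, then reload inetd)"
        status=1
    done
    if has_ftp_account "$2"; then
        echo "REVIEW: ftp account in $2; check the anonymous ftp setup"
        status=1
    fi
    return "$status"
}

# Constructed sample files (not from a real host) written into directory $1.
write_samples() {
    cat > "$1/inetd.conf" <<'EOF'
finger  stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd
#telnet stream tcp nowait root   /usr/sbin/in.telnetd in.telnetd
shell   stream tcp nowait root   /usr/sbin/in.rshd    in.rshd
login   stream tcp nowait root   /usr/sbin/in.rlogind in.rlogind
daytime stream tcp nowait root   internal
EOF
    printf 'root:x:0:0:root:/root:/bin/sh\nftp:x:14:50:FTP:/var/ftp:/bin/false\n' > "$1/passwd"
}

demo=$(mktemp -d) && write_samples "$demo"
audit "$demo/inetd.conf" "$demo/passwd" || echo "findings present"
rm -rf "$demo"
```

On the constructed sample, the commented-out telnet line is not reported, while finger, login and shell are.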
