Unix/Linux Systems Vulnerabilities And Controls Essay

6.30. When there are no restrictions for unprivileged users and the CONFIG_RDS kernel configuration option is set, hackers can write arbitrary values into kernel memory (by making specific types of socket function calls), because the kernel does not verify that the user address actually lies in the user segment. This lack of verification of the user address can allow hackers to gain privileges and access to areas that they should not have, since they are not users with an address residing in the proper user segment.

Perhaps the most insecure facet of Unix systems can be found in the usage of r-tools, which also routinely fail to verify the authenticity of user names and addresses. In theory, r-tools are supposed to function as a measure of convenience which allows privileged users to log in to networks and individual computers without presenting a password. Yet this same capability allows intruders to gain entry into these same systems, due to the r-tools' penchant for "trusting" hostnames and usernames based on Unix authentication, which is not always authentic. The most frequently found r-tools in Unix include rlogin (which runs on TCP port 513 and creates a remote shell on a particular system), rsh (which functions similarly to rlogin, with the exception that it completes a command on a remote host and returns its output), and rcp (which replicates file information to or from a remote host). Rwho is one of the most valuable r-tools for a hacker, since it communicates with rwho machines and determines which users are logged into what aspect of a local subnet. Such a tool could allow hackers to gain several verified usernames for hosts. Rexec is nearly identical in function to rsh, except that the former can provide information about passwords if they are stored in a user's shell history.

There are several...

Some of these means are directly related to the vulnerabilities previously outlined. In the case of the weaknesses presented to Linux systems due to r-tools, the most effective measure of protection would be to turn those tools off and remove them (as soon as possible), and substitute SSH for them, which has a better authentication process and encrypts its traffic. The security issues presented with the RDS protocol in unpatched versions of the Linux kernel may be remedied by installing updates from Linus Torvalds or by applying the limited patch and recompiling the kernel.

General controls for Linux systems which may be vulnerable during the enumeration phase include the employment of firewalls, anti-virus software, intrusion detection systems, intrusion prevention systems and vulnerability assessment tools. It is also recommended that Unix users make an effort to close all unused ports and services to prevent intrusion. Firewalls are most effective when they are well configured and installed in a company's network, so that they can rebuff hackers by creating a virtual wall between the network and the surrounding presence of the internet. Intrusion detection systems provide a degree of circumspection for an entire network and report any suspect activity to administrators -- particularly in light of an attack. Anti-virus software can find and extricate the presence of viruses and spyware, while intrusion prevention systems also monitor networks for malignant activity and create a log of it.
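
As an added example (not part of the original essay), the following audit checks whether the r-tools discussed above are still enabled and which password-less trust entries remain before they are replaced with SSH. It assumes classic `inetd.conf` syntax and the `hosts.equiv`/`.rhosts` trust-file format; the sample file contents and hostnames are constructed.

```python
# inetd service names of the r-tools (per /etc/services: exec 512, login 513, shell 514)
R_SERVICES = {"exec": "rexec", "login": "rlogin", "shell": "rsh"}

def audit_inetd(conf_text):
    """Return the r-tools that are still enabled in inetd.conf-style text."""
    enabled = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):  # a commented-out entry is disabled
            continue
        service = line.split()[0]
        if service in R_SERVICES:
            enabled.append(R_SERVICES[service])
    return sorted(enabled)

def audit_trust_file(path, text):
    """Flag hosts.equiv/.rhosts entries that grant password-less access."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        entry = line.split("#", 1)[0].split()
        if not entry or entry[0].startswith("-"):  # blank, comment, or deny entry
            continue
        user = entry[1] if len(entry) > 1 else None
        if entry[0] == "+" or user == "+":
            findings.append((path, lineno, "wildcard trust"))  # any host or any user
        else:
            findings.append((path, lineno, "trusted host"))    # remove when moving to SSH
    return findings

# Constructed sample inputs, not taken from a real host.
SAMPLE_INETD = """\
# constructed sample
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd
shell   stream  tcp  nowait  root  /usr/sbin/tcpd  in.rshd
login   stream  tcp  nowait  root  /usr/sbin/tcpd  in.rlogind
#exec   stream  tcp  nowait  root  /usr/sbin/tcpd  in.rexecd
"""
SAMPLE_RHOSTS = """\
# constructed sample
build01.example.org  alice
+ +
-lab.example.org
"""

if __name__ == "__main__":
    print("enabled r-tools:", audit_inetd(SAMPLE_INETD))
    for finding in audit_trust_file("~/.rhosts", SAMPLE_RHOSTS):
        print(finding)
```
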

References

Noyes, K. (2010). Linux Kernel Exploit Gives Hackers A Back Door. PC World. Retrieved from http://www.pcworld.com/businesscenter/article/205867/linux_kernel_exploit_gives_hackers_a_back_door.html
