Article title: Four intrusion levels for Linux servers (from the Linux technology channel of the IT lab in China)
With the expansion of Linux in enterprise applications, a large number of network servers now run the Linux operating system, and the security and performance of Linux servers receive increasing attention. Here we classify attacks against Linux servers by depth, in a hierarchy of levels, and propose countermeasures for each level.
A Linux server attack is defined as an unauthorized action designed to impede, damage, weaken, or compromise the security of a Linux server. Attacks range from denial of service to completely compromising and damaging the server. There are many types of attacks on Linux servers; this article describes them in four levels of depth.
Attack Level 1: Denial of Service (DoS)
Because DoS attack tools have proliferated and the underlying protocol-layer defects cannot be fixed in the short term, DoS has become the most widespread type of attack and the hardest to prevent.
Denial-of-service attacks include distributed denial-of-service (DDoS) attacks, reflected DDoS attacks, DNS-based DDoS attacks, and FTP attacks. Most denial-of-service attacks pose a relatively low level of risk; even attacks that force a system restart cause only temporary problems. Unlike attacks whose goal is to gain control of the network, this type of attack generally does not affect data security. However, denial-of-service attacks can last a long time and are very difficult to deal with.
So far there is no absolute way to stop such attacks, but that does not mean we should do nothing. Besides stressing that individual hosts must harden themselves against being exploited as attack sources, it is very important to strengthen the management of servers. Be sure to deploy source-address verification and filtering so that the real origin of each packet is checked. In addition, the following measures help against denial of service: disable unnecessary services, limit the number of SYN half-open connections allowed at the same time, shorten the timeout of SYN half-open connections, and apply system patches promptly.
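An added example, not code from the original article: the POSIX shell script below audits the Linux kernel settings behind the measures just listed (SYN cookies and backlog cap for half-open connections, fewer SYN-ACK retries to shorten their lifetime, reverse-path filtering to drop spoofed source addresses). The sysctl keys are real; the wanted values are assumptions chosen for illustration, and the tree root defaults to /proc/sys but can be any directory, so the check runs unprivileged.

```shell
#!/bin/sh
# Added example, not from the original article. Audits Linux sysctl keys that
# implement the article's SYN-flood advice against a policy. Policy values are
# assumptions; the keys are real. Reads from the tree given as $1 (default
# /proc/sys), so it can also be pointed at a constructed test tree.

# One entry per line: key|comparison|wanted|why
SYN_POLICY='net/ipv4/tcp_syncookies|eq|1|SYN cookies keep serving clients once the backlog fills
net/ipv4/tcp_max_syn_backlog|ge|1024|upper bound on half-open connections per listening socket
net/ipv4/tcp_synack_retries|le|2|fewer SYN-ACK retries shorten the half-open lifetime
net/ipv4/conf/all/rp_filter|ge|1|reverse-path filtering drops packets with spoofed sources'

# read_key ROOT KEY -> prints the current value, or "missing" if the key is absent
read_key() {
    if [ -r "$1/$2" ]; then cat "$1/$2"; else echo missing; fi
}

# audit_syn [ROOT] -> one OK/MISMATCH/MISSING line per key, then "deviations=N"
audit_syn() {
    root=${1:-/proc/sys}; bad=0
    while IFS='|' read -r key op want why; do
        [ -n "$key" ] || continue
        have=$(read_key "$root" "$key")
        if [ "$have" = missing ]; then
            state=MISSING; bad=$((bad + 1))
        else
            case $op in
                eq) [ "$have" = "$want" ] ;;
                ge) [ "$have" -ge "$want" ] 2>/dev/null ;;
                le) [ "$have" -le "$want" ] 2>/dev/null ;;
                *)  false ;;
            esac && state=OK || { state=MISMATCH; bad=$((bad + 1)); }
        fi
        printf '%-8s %s=%s (want %s %s): %s\n' "$state" "$key" "$have" "$op" "$want" "$why"
    done <<EOF
$SYN_POLICY
EOF
    echo "deviations=$bad"
}

# Usage: sh syn_audit.sh --check [ROOT]
if [ "${1:-}" = "--check" ]; then
    audit_syn "${2:-}"
fi
```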
Attack Level 2: Local Users obtain the read and write permissions for unauthorized files
A local user is a user who has a password on some machine on the local network and therefore has a directory on a drive. Whether a local user gaining read and write access to files they are not authorized for constitutes a risk depends largely on how sensitive those files are. Unrestricted access to the temporary file directory (/tmp) by any local user is dangerous, because it can lay a path to the next level of attack.
Level 2 also covers social engineering: attackers trick legitimate users into disclosing confidential information or performing tasks. For example, an attacker may pose as the network administrator and e-mail users asking for their password "for a system upgrade".
Attacks by local users generally start with a remote login. For Linux servers, the best approach is to place all shell accounts on a single machine, that is, to register users only on one or a few servers dedicated to shell access. This makes it easier to manage logs, access control, release protocols, and other potential security issues. Systems that host user CGI scripts should likewise be kept separate. These machines should be isolated in a specific network segment, that is, enclosed by routers or network switches according to the network configuration. The topology should ensure that hardware (MAC) address spoofing cannot extend beyond this segment.
Attack Level 3: remote users can read and write privileged files
Level 3 attacks not only confirm that specific files exist, but also read and write them. They are made possible by the following weakness in Linux server configuration: remote users can execute a limited set of commands on the server without having a valid account.
Password attacks are the primary method at level 3, and password cracking is the most common form. Password cracking describes penetrating a network, system, or resource, with or without tools, to unlock password-protected resources. Users are often careless with their passwords, and password policies are difficult to enforce. Attackers have a variety of tools to defeat both technical and social password protections; the main ones are dictionary attacks, hybrid attacks, and brute-force attacks. Once an attacker has a user's password, they hold many privileges. Password guessing means manually entering common passwords or obtaining them by writing a program to try them. Some users choose simple passwords, such as a birth date or a spouse's name, and do not follow the rule of mixing letters and numbers. An attacker does not need long to guess an 8-character birth date.
The best defense against Level 3 attacks is to strictly control access to privileges, that is, to use effective passwords.
Password rules should require a mix of letters, numbers, and upper- and lower-case characters (Linux passwords are case-sensitive).
Complexity is further increased by using special characters such as "#", "%", or "$". For example, if you take the word "countbak" and append "#$" to it (countbak#$), you have a valid password.
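As an added example (not the article's own code), the POSIX shell functions below apply the mixing rule and the birth-date warning above: they count the character classes in a candidate password and reject strings that are short or digits-only. The three-class minimum and 8-character length are assumptions, and they are stricter than the article's own example, which mixes only lower-case letters and symbols.

```shell
#!/bin/sh
# Added example, not from the original article. Scores a candidate password by the
# character classes the article recommends mixing (lower, upper, digit, special) and
# rejects the weak shapes it warns about (too short, digits-only such as a birth date).
# MIN_LEN and the three-class minimum are assumptions, not the article's figures.
export LC_ALL=C
MIN_LEN=8

# has_class STRING REGEX -> succeeds if STRING contains a character matching REGEX
has_class() {
    printf '%s' "$1" | grep -q -- "$2"
}

# password_classes PW -> prints how many distinct character classes PW uses (0-4)
password_classes() {
    pw=$1; n=0
    has_class "$pw" '[a-z]' && n=$((n + 1))
    has_class "$pw" '[A-Z]' && n=$((n + 1))
    has_class "$pw" '[0-9]' && n=$((n + 1))
    has_class "$pw" '[^A-Za-z0-9]' && n=$((n + 1))
    echo "$n"
}

# password_verdict PW -> prints "reject:<reason>" (status 1) or "accept:<n>-classes" (status 0)
password_verdict() {
    pw=$1
    if [ "${#pw}" -lt "$MIN_LEN" ]; then
        echo "reject:too-short"; return 1
    fi
    if ! has_class "$pw" '[^0-9]'; then
        echo "reject:digits-only"; return 1      # e.g. a birth date such as 19900101
    fi
    n=$(password_classes "$pw")
    if [ "$n" -lt 3 ]; then
        echo "reject:only-$n-classes"; return 1
    fi
    echo "accept:$n-classes"
}
```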