LESSON 9
Linux Operating System Vulnerabilities and Security

Objectives
- Describe the fundamentals of the Linux operating system
- Describe the vulnerabilities of the Linux operating system
- Describe Linux remote attacks
- Explain countermeasures for protecting the Linux operating system

Review of Linux Security Fundamentals
- Linux is a version of UNIX
- Usually available free
  - Red Hat
  - Ubuntu
  - Mandrake
  - Sambian
  - Knoppix

Crack Password
- /etc/passwd
- /etc/shadow
- root:2bcadvr345:0:0:root:/root:/bin/bash
- John the Ripper
- Viper
- Slurple

Linux File System
- ls -l
- -r-x-r-x-wx
- chmod 777

Firewall: iptables

Linux OS Vulnerabilities
- Nessus can be used to
  - Discover vulnerabilities related to SMB and NetBIOS
  - Enumerate shared resources
  - Discover the root password

Linux OS Vulnerabilities
- Test Linux computer against common known vulnerabilities
  - Review the CVE and CAN information
- Differentiate between local attacks and remote attacks
  - Remote attacks are harder to perform

Remote Access Attacks on Linux Systems
- Attacking a network remotely requires
  - Knowing what system a remote user is operating
  - The attacked system's password and login accounts

Installing Trojan Programs
- Trojan programs spread as
  - E-mail attachments
  - Fake patches or security fixes that can be downloaded from the Internet
- Trojan program functions
  - Allow for remote administration
  - Create an FTP server on the attacked machine
  - Steal passwords
  - Log all keys a user enters, and e-mail results to the attacker

Installing Trojan Programs
- Linux Trojan programs are sometimes disguised as legitimate programs
- Trojan programs can use legitimate outbound ports
  - Firewalls and IDSs cannot identify this traffic as malicious
  - Example: Sheepshank
- It is easier to protect systems from already identified Trojan programs
- Remote Shell
- Dextenea

Installing Trojan Programs
- Rootkits
  - Contain Trojan binary programs ready to be installed by an intruder with root access to the system
  - Attackers hide the tools used for later attacks
  - Replace legitimate commands with Trojan programs
  - Example: LRK5
- Security testers should check their Linux systems for rootkits
  - Rootkit Hunter
  - Chkrootkit
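
Added example (not part of the original lesson, and not the internal logic of Rootkit Hunter or Chkrootkit): because rootkits replace legitimate commands with Trojan programs, a basic defensive check compares command binaries against a known-good baseline of hashes and permission bits. The function names and the scratch directory standing in for /bin are assumptions of this example.

```python
import hashlib
import stat
import tempfile
from pathlib import Path


def fingerprint(path):
    """Return (SHA-256 hex digest, permission bits incl. setuid/setgid) for a file."""
    digest = hashlib.sha256(path.read_bytes()).hexdigest()
    return digest, stat.S_IMODE(path.stat().st_mode)


def build_baseline(directory):
    """Fingerprint every regular, non-symlink file directly inside `directory`."""
    return {p.name: fingerprint(p) for p in sorted(Path(directory).iterdir())
            if p.is_file() and not p.is_symlink()}


def compare(baseline, directory):
    """Return sorted (name, finding) pairs for everything that differs from baseline."""
    current = build_baseline(directory)
    findings = []
    for name, (digest, mode) in baseline.items():
        if name not in current:
            findings.append((name, "missing"))
            continue
        if current[name][0] != digest:
            findings.append((name, "content changed"))
        if current[name][1] != mode:
            findings.append((name, "mode changed"))
    findings += [(n, "new file") for n in current if n not in baseline]
    return sorted(findings)


def demo():
    """Constructed sample: a scratch directory standing in for /bin."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("ls", "ps", "netstat"):
            Path(d, name).write_bytes(b"original " + name.encode())
        baseline = build_baseline(d)
        Path(d, "ps").write_bytes(b"replaced ps")   # command swapped for another binary
        Path(d, "ls").chmod(0o4755)                 # setuid bit added
        Path(d, "extra").write_bytes(b"")           # file that was not in the baseline
        Path(d, "netstat").unlink()                 # command removed
        return compare(baseline, d)
```

Take the baseline on a known-clean system and keep it off the host, since an intruder with root access can rewrite a baseline stored alongside the binaries it describes.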