
Unix/Linux Systems Vulnerabilities and Controls


Unix/Linux Control and Vulnerabilities During Enumeration

UNIX is one of the most popular operating systems in the world today. Originally developed in the late 1960s, it has been upgraded numerous times in the ensuing decades to garner a ubiquity rivaled by few other computer operating systems, and it currently runs some of the most popular mobile devices, workstations and services for personal and professional use.

While Unix's client-server program model was influential in the development of computer networks and the internet itself, its scion Linux (a family of Unix-like operating systems based upon the Linux kernel) is possibly even more popular. Linux is responsible for the operation of a host of computer hardware including video game consoles, routers, phones, servers, mainframes and supercomputers.

Despite the prevalence of these systems, or possibly even because of it, Unix and Linux have a considerable amount of vulnerability to attacks from hackers, particularly during the enumeration phase. Hacking is generally considered a six-step process in which an unknown (and frequently unwanted) user is able to infiltrate a computer or an entire network and access its information, to be leveraged in any way the offender desires.

Enumeration is generally considered the second or third stage of hacking, and typically follows the scanning process in which the infiltrator engages in a series of observations to profile a computer's system to gather information about it. Enumeration, then, is one of the most crucial phases of hacking in which the infiltrator gathers information about a system and profiles the weakest host as a means of entry.

This is the stage in which an unknown user identifies user accounts and insufficiently protected resources on a computer system, and searches for valuable data to help him or her penetrate the system. This information-gathering process is also known as reconnaissance and is one of the key areas in which Unix has vulnerabilities which lend themselves to just such an attack.

The specific information a hacker looks for during enumeration includes the network range, open ports and access points, active machines and possibly vulnerable user accounts. Some of the more common tools employed by hackers for achieving these goals include ping sweepers, vulnerability scanners and banner grabbers.

A ping sweeper is used to deploy ping sweeps, which determine which Internet Protocol (IP) addresses in a range route to live hosts that hackers may possibly use. Nmap is a commonly used tool that enables ping sweeps for Unix systems, while traditional ping sweep tools like fping (which has been frequently used with gping to ascertain hosts for subnets) have been used as well.

Vulnerability scanners, which may be used as an integral part of vulnerability protection, can be deployed by hackers to find points of weakness in computing systems and to supply a ready list of vulnerable areas in a network. Banner grabbers function somewhat similarly to ping sweepers in that they enumerate information about a network's computers and the specific services running on their open ports. Hackers can use these tools to locate network hosts that run operating systems and applications with confirmed vulnerabilities.

Linux has a number of vulnerabilities that may be exploited during the enumeration phase, the vast majority of which have to do with providing user information, usernames, and in some cases, even passwords. This particular operating system has a penchant for not verifying the authenticity of users or their addresses, which hackers can definitely use to their advantage. One specific example can be found in Linux's implementation of the Reliable Datagram Sockets (RDS) protocol, which affects unpatched versions of the Linux kernel such as 2.6.30.

When there are no restrictions for unprivileged users and the CONFIG_RDS kernel configuration option is set, hackers can write arbitrary values into kernel memory (by making specific types of socket function calls), since the kernel has not verified that the user address is actually found in the user segment. This lack of verification of the user address can allow hackers to gain privileges and access to areas that they should not have, since the address they supply does not reside in the proper user segment.
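The two conditions named above can be checked from a defender's side. The following is an added example, not part of the original essay: it takes "restrictions" to mean a modprobe.d `install rds ...` override that stops the module from loading (an assumption, since the essay does not name the mechanism), and the function names and sample inputs are constructed for illustration.

```bash
#!/bin/sh
# Added example: report whether a host meets the conditions for the RDS flaw.
# Inputs are passed as text so the logic can be run on constructed samples;
# on a real host they would come from /boot/config-$(uname -r),
# /etc/modprobe.d/*.conf and /proc/modules.

# rds_built: print y, m or n for CONFIG_RDS in kernel config text.
# "# CONFIG_RDS is not set" and CONFIG_RDS_TCP=... do not match.
rds_built() {
    printf '%s\n' "$1" |
        awk -F= '$1 == "CONFIG_RDS" { v = $2 } END { print (v == "" ? "n" : v) }'
}

# rds_load_blocked: succeed if modprobe.d text overrides loading of rds.
# Only the "install rds /bin/true|/bin/false" form is recognised here.
rds_load_blocked() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^#/ { next }
        $1 == "install" && $2 == "rds" && ($3 == "/bin/true" || $3 == "/bin/false") { found = 1 }
        END { exit !found }'
}

# rds_exposure: $1 = kernel config, $2 = modprobe.d text, $3 = /proc/modules.
rds_exposure() {
    case "$(rds_built "$1")" in
        n) echo "not-built"; return ;;
        y) echo "built-in"; return ;;
    esac
    if printf '%s\n' "$3" | grep -q '^rds '; then
        echo "loaded"                 # module already in the running kernel
    elif rds_load_blocked "$2"; then
        echo "blocked"                # built as a module, loading overridden
    else
        echo "loadable"               # built as a module, nothing stops loading
    fi
}

# Constructed sample inputs (not taken from a real host).
SAMPLE_CONFIG='CONFIG_RDS=m
CONFIG_RDS_TCP=m'
SAMPLE_MODPROBE='# hardening override
install rds /bin/true'
SAMPLE_MODULES='ext4 737280 1 - Live 0x0000000000000000'

rds_exposure "$SAMPLE_CONFIG" "$SAMPLE_MODPROBE" "$SAMPLE_MODULES"
```

A verdict of `loadable`, `loaded` or `built-in` on an unpatched kernel means both of the essay's conditions hold; patching the kernel remains the fix, and the override only removes the second condition.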

Perhaps the most insecure facet of Unix systems can be found in the usage of r-tools, which also routinely fail to verify the authenticity of user names and addresses. In theory, r-tools are supposed to function as a measure of convenience which allows privileged users to log in to networks and individual computers without presenting a password.

Yet this same potential allows for intruders to gain entry into these same systems due to the r-tools' penchant for "trusting" hostnames and usernames based on Unix authentication, which is not always authentic.

The most frequently found r-tools in Unix include rlogin (which runs on TCP port 513 and creates a remote shell on a particular system), rsh (which functions similarly to rlogin with the exception that it completes a command on a remote host and returns its output), and rcp (which replicates file information to or from a remote host). Rwho is one of the most valuable r-tools for a hacker, since it communicates with rwho machines and determines which users are logged into what aspect of a local subnet.

Such a tool could allow hackers to gain several verified usernames for hosts. Rexec is nearly identical in function to rsh, except that the former can provide information about passwords if they are stored in a user's shell history. There are several controls and means of protection to defend a computer or a targeted network from the unwanted presence of hackers in the enumeration phase. Some of these means are directly related to the vulnerabilities previously outlined. In the case of the.
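As an added example (not part of the original essay), one control for the r-tools is an audit that finds them still listening and finds trust entries that accept any host or user. The port numbers other than rlogin's TCP 513 and the `hosts.equiv`/`.rhosts` trust-file format are standard facts the essay does not state; the function names and sample data are constructed.

```bash
#!/bin/sh
# Added example (not from the essay): audit a host for the r-tools it describes.
# Both functions take captured text so they can be run on constructed samples.

# r_listeners: given `ss -tuln` output, print the r-services that are listening.
# Ports other than rlogin's TCP 513 come from the standard /etc/services
# assignments, not from the essay. The protocol matters: UDP 514 is syslog.
r_listeners() {
    printf '%s\n' "$1" | awk '
        BEGIN { svc["tcp/512"] = "rexec"; svc["tcp/513"] = "rlogin"
                svc["tcp/514"] = "rsh";   svc["udp/513"] = "rwho" }
        { n = split($5, a, ":"); key = $1 "/" a[n]
          if (key in svc) print svc[key], $5 }' | sort -u
}

# trust_wildcards: given hosts.equiv or .rhosts text, print "line: entry" for
# entries that trust any host ("+" in field 1) or any user ("+" in field 2).
trust_wildcards() {
    printf '%s\n' "$1" | awk '
        NF == 0 || $1 ~ /^#/ { next }
        $1 == "+" || $2 == "+" { print NR ": " $0 }'
}

# Constructed samples (not from a real host).
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:513        0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:514        0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      64     0.0.0.0:513        0.0.0.0:*
tcp   LISTEN 0      64     [::]:514           [::]:*'
SAMPLE_EQUIV='# constructed /etc/hosts.equiv
build01.example.internal
+ +
backup.example.internal +'

r_listeners "$SAMPLE_SS"
trust_wildcards "$SAMPLE_EQUIV"
```

Any line printed by either function is a finding: the service should be disabled in favour of an authenticated, encrypted replacement such as SSH, and the wildcard trust entry removed.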

Cite This Paper
"Unix Linux Systems Vulnerabilities And Controls" (2011, June 08) Retrieved April 21, 2026, from
https://www.paperdue.com/essay/unix-linux-systems-vulnerabilities-and-controls-42395
