Rahul Singh 21csmsa109
Hacking
Hacking is a technique that people use to gain access to systems, software, and
devices they are not authorized to use. In simpler words, hacking is the
process of gaining access to a computer or a network that is not permitted for
an arbitrary user. The people who master hacking are very skilled with computer
systems and have a great deal of knowledge about various software and hardware
devices.
The people who have hacking skills are basically of three types:
Hackers
Crackers
Phreakers
Hackers-
These are people who hack devices and systems with good intentions. They
might hack a system for a specified purpose or to obtain more knowledge about
it. Hackers work by finding loopholes in a given system and by closing these
loopholes. They are basically programmers who gather extensive knowledge of
programming languages and operating systems (OS). They never intend to harm,
compromise, or damage any system data.
Crackers-
These are people who hack a system by breaking into it with bad intentions.
They may hack a system remotely to steal the data it contains or to harm it
permanently. In simpler words, crackers destroy the data and information
contained in a system by getting unauthorized access to its network. They
always keep their work hidden because what they do is illegal and mostly
prohibited or forbidden. A cracker can bypass your device's passwords, company
websites, social media and personal bank details, and can use those details to
transfer money directly from your bank.
Phreakers
Phreakers are hackers who specialize in attacks on the telephone system.
Phreakers originally referred to groups who reverse-engineered the system of
tones used to route long-distance calls. Phreakers re-created these tones,
enabling them to switch calls from their phone handset and make free calls
to anywhere in the world. Phreaking essentially ended in 1983 when telephone
companies upgraded their lines to common channel interoffice signaling (CCIS),
which separated signaling from the voice line. Modern phreaking involves
breaking into and manipulating the phone company's computer system, making it
a specialized form of hacking. Phreaking is distinct from "phone hacking,"
which uses telephone technology to steal information.
Today’s Operating Systems (OS) are loaded with features and are increasingly
complex. While users take advantage of these features, they are prone to more
vulnerabilities, thus enticing attackers. Operating systems run many services
such as graphical user interfaces (GUIs) that support applications and system
tools and enable Internet access. Extensive tweaking is required to lock them
down. Attackers constantly look for OS vulnerabilities that allow them to
exploit and gain access to a target system or network. To stop attackers from
compromising the network, the system or network administrators must keep
abreast of various new exploits and methods adopted by attackers and monitor
the networks regularly.
2. Misconfiguration Attacks.
3. Application-Level Attacks.
Software developers are often under intense pressure to meet deadlines, which
can mean they do not have sufficient time to completely test their products
before shipping them, leaving undiscovered security holes. This is particularly
troublesome in newer software applications that come with a large number of
features and functionalities, making them more and more complex. An increase
in the complexity means more opportunities for vulnerabilities. Attackers find
and exploit these vulnerabilities in the applications using different tools and
techniques to gain unauthorized access and steal or manipulate data.
Software developers often use free libraries and code licensed from other
sources in their programs to reduce development time and cost. This means that
large portions of many pieces of software will be the same, and if an attacker
discovers vulnerabilities in that code, many pieces of software are at risk.
5. Man-in-the-middle (MitM) attack.
A MitM attack occurs when an attacker inserts themselves between the
communications of a client and a server. Some common types of
man-in-the-middle attack are:
Session hijacking
IP Spoofing
Replay
6. Phishing and spear phishing attacks.
A phishing attack is the practice of sending emails that appear to come from
trusted sources with the goal of obtaining personal information or influencing
users to do something. It combines social engineering and technical trickery.
It could involve an attachment to an email that loads malware onto your
computer. It could also be a link to an illegitimate website that tricks you
into downloading malware or handing over your personal information.
7. Drive-by attack.
File Security
Access rights: Linux's first line of defence
The Linux security model is based on the one used on UNIX systems and is as
rigid as the UNIX security model (and sometimes even more so), which is already
quite robust. On a Linux system, every file is owned by a user and by a group.
There is also a third category of users: those who are not the owner and do not
belong to the group owning the file. For each category of users, read, write
and execute permissions can be granted or denied.
The ls -l command displays file permissions for these three user categories; they
are indicated by the nine characters that follow the first character, which is the
file type indicator at the beginning of the file properties line. As seen in the
examples below, the first three characters in this series of nine display access
rights for the actual user that owns the file. The next three are for the group
owner of the file, the last three for other users. The permissions are always in
the same order: read, write, execute for the user, the group and the others. Some
examples:
rahul:~> ls -l To_Do
-rw-rw-r-- 1 rahul users 5 Jan 15 12:39 To_Do
rahul:~> ls -l /bin/ls
-rwxr-xr-x 1 root root 45948 Aug 9 15:01 /bin/ls*
The first file is a regular file (first dash). Users with the user name rahul
or users belonging to the group users can read and write (change/move/delete)
the file, but they can't execute it (second and third dash). All other users
are only allowed to read this file, but they can't write or execute it (fourth
and fifth dash). The second example is an executable file; the difference is
that everybody can run this program, but you need to be root to change it.
The Info pages explain how the ls command handles display of access rights in
detail, see the section What information is listed.
For easy use with commands, both access rights or modes and user groups have
a code. See the tables below.
Access mode codes
Code    Meaning
0 or -  The access right that is supposed to be on this place is not granted.
4 or r  Read access is granted to the user category defined in this place.
2 or w  Write permission is granted to the user category defined in this place.
1 or x  Execute permission is granted to the user category defined in this place.
This straightforward scheme is applied very strictly, which allows a high level
of security even without network security. Among other functions, the security
scheme takes care of user access to programs; it can serve files on a need-to-
know basis and protect sensitive data such as home directories and system
configuration files.
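As an added example (not part of the original document), the shell functions below translate the nine permission characters shown by ls -l into the octal codes from the table above and flag files that the "others" category can write to; the names triplet_to_digit, mode_to_octal and check_ls_line are chosen here, and the ls -l lines fed to them are constructed samples.

```shell
# Added example: map the ls -l permission string to the octal codes from the
# access mode table (r=4, w=2, x=1, "-"=0) and warn on world-writable files.

# Convert one three-character group such as "rw-" to its digit (here 6).
triplet_to_digit() {
    sum=0
    case "$1" in r??) sum=$((sum + 4)) ;; esac
    case "$1" in ?w?) sum=$((sum + 2)) ;; esac
    case "$1" in ??x) sum=$((sum + 1)) ;; esac
    echo "$sum"
}

# Convert the full nine characters (user, group, others) to three octal digits.
mode_to_octal() {
    u=$(triplet_to_digit "$(printf '%s\n' "$1" | cut -c1-3)")
    g=$(triplet_to_digit "$(printf '%s\n' "$1" | cut -c4-6)")
    o=$(triplet_to_digit "$(printf '%s\n' "$1" | cut -c7-9)")
    printf '%s%s%s\n' "$u" "$g" "$o"
}

# Inspect one "ls -l" line: print "<octal> <name>", with a warning when the
# "others" category has write access, since then any user can alter the file.
check_ls_line() {
    mode=$(printf '%s\n' "$1" | cut -c2-10)   # skip the file type character
    name=$(printf '%s\n' "$1" | awk '{ print $NF }')
    oct=$(mode_to_octal "$mode")
    case "$mode" in
        ???????w?) printf '%s %s WARNING: world-writable\n' "$oct" "$name" ;;
        *)         printf '%s %s\n' "$oct" "$name" ;;
    esac
}

# Constructed sample lines in the same format as the ls -l output above.
check_ls_line '-rw-rw-r-- 1 rahul users 5 Jan 15 12:39 To_Do'        # 664 To_Do
check_ls_line '-rwxr-xr-x 1 root root 45948 Aug 9 15:01 /bin/ls'     # 755 /bin/ls
check_ls_line '-rw-rw-rw- 1 rahul users 5 Jan 15 12:39 notes.txt'    # 666 notes.txt WARNING: world-writable
```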
You should know what your user name is. If you don't, it can be displayed using
the id command, which also displays the default group you belong to and any
other groups of which you are a member:
rahul:~> id
uid=504(rahul) gid=504(rahul) groups=504(rahul),100(users),2051(org)
Your user name is also stored in the environment variable USER:
rahul:~> echo $USER
rahul
Q 5.) Discuss various Linux/Unix security principles.
Sol-
It is still common that people do not know where to start when it comes to
information security. With 5 basic principles we can improve Linux system
security and ask ourselves whether we have done enough.
1. Know your system(s)
The first principle is about knowing what your system is supposed to do. What
is its primary role, what software packages does it need and who needs access?
By knowing the role of the system you can better defend it against known and
unknown threats.
Security Measures:
Password policy
Proper software patch management
Configuration management
Documentation
You can only protect a system the right way, if you know what threats you are
facing. Why would this system be a target and who would be targeting it?
Perform a risk analysis and determine what potential threats your system
might endure.
Security Measures:
Vulnerability scans
Penetration tests
Risk analysis
Q 6.) What do you understand by system security holes? How they can be
plugged?
Sol-
A system security hole is a flaw or weakness in system security procedures,
design, implementation, or internal controls that could be exercised
(accidentally triggered or intentionally exploited) and result in a security breach
or a violation of the system's security policy. Alternatively referred to as a
security hole, a vulnerability is a security weakness in a computer system that
permits unauthorized or unwelcome access. For example, an Internet browser
could have a vulnerability that crashes the browser or grants someone else
access to files on your computer when you visit their site.
When a vulnerability is detected in software, its developer must update or patch
the insecure code. However, if the program is no longer supported by the
developer, it cannot get fixed and remains vulnerable. If the vulnerability is with
a network, it would be up to the network administrator to correct it.
Lock the machines to limit access: If you have janitorial staff or a rented
facility shared with another company, you should lock your systems to prevent
unauthorized access. In 2000, a news report said that hard drives containing
nuclear secrets were stolen from the Los Alamos National Laboratory. Like
many other companies, you can get an internal access system which notifies
you by ringing an alarm when the machine is opened. Another way to limit
access is to buy systems that have internal jumper pins. These pins can be
shorted to reset the settings as required. Companies must make it a policy
that any employee, when leaving their desk, must lock the system. Most
corporate espionage is done when someone who has left the work area has left
confidential documents unsecured on the system.
Encrypt the data: Encrypt your data to prevent your transactions from being
sniffed. Maximum keys should be applied to the individual values of a
message before scrambling them. 40- or 56-bit encryption is usually
considered weak. Pretty Good Privacy (PGP) is a software encryption program
that is freely available on the Internet.
Beth 4.00 0
Dan 3.75 0
Kathy 4.00 10
Mark 5.00 20
Mary 5.50 22
Susie 4.25 18
-| Jan 13 25 15 115
-| Jun 31 42 75 492
-| Jul 24 34 67 436
-| Jan 21 36 64 620
So does this:
awk '{ if ($1 ~ /J/) print }' inventory-shipped
exp !~ /regexp/
This is true if the expression exp (taken as a character string) is not matched by
regexp. The following example matches, or selects, all input records whose first
field does not contain the upper-case letter `J':
$ awk '$1 !~ /J/' inventory-shipped
-| Feb 15 32 24 226
-| Mar 15 24 34 228
-| Apr 31 52 63 420
-| May 16 34 29 208
...
When a regexp is written enclosed in slashes, like /foo/, we call it a regexp
constant, much like 5.27 is a numeric constant and "foo" is a string constant.
Regular expressions are made of:
Ordinary characters such as space, underscore (_), A-Z, a-z, 0-9.
Meta characters, which stand for classes or positions of ordinary characters
rather than matching themselves; they include:
(.) matches any single character except a newline.
(*) matches zero or more occurrences of the character immediately preceding
it.
[ character(s) ] matches any one of the characters specified in character(s);
one can also use a hyphen (-) to mean a range of characters such as [a-f],
[1-5], and so on.
^ matches the beginning of a line in a file.
$ matches the end of a line in a file.
\ is an escape character.
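As an added example (not from the original answer), the function below applies the ~ and !~ operators to a constructed copy of the inventory-shipped records used above, with one pattern for each kind of metacharacter in the list; inventory_data and first_field_matches are names chosen here.

```shell
# Added example: ~ and !~ with dynamic regexps over constructed inventory data.

# Constructed records in the layout of the inventory-shipped file used above.
inventory_data() {
    cat <<'EOF'
Jan 13 25 15 115
Feb 15 32 24 226
Mar 15 24 34 228
Apr 31 52 63 420
May 16 34 29 208
Jun 31 42 75 492
Jul 24 34 67 436
EOF
}

# Print the first field of every record whose first field matches (op "~") or
# does not match (op "!~") the regexp, as one space-separated line.
first_field_matches() {
    op="$1"; re="$2"
    inventory_data | awk -v re="$re" -v op="$op" '
        # A regexp held in a variable is a dynamic regexp: "$1 ~ re" behaves like
        # "$1 ~ /.../" with the variable contents as the pattern.
        (op == "~" && $1 ~ re) || (op == "!~" && $1 !~ re) {
            out = out (out ? " " : "") $1
        }
        END { print out }'
}

first_field_matches '~'  'J'       # ordinary character anywhere:   Jan Jun Jul
first_field_matches '!~' 'J'       # negated match:                  Feb Mar Apr May
first_field_matches '~'  '^.a'     # ^ anchor plus "." wildcard:     Jan Mar May
first_field_matches '~'  'r$'      # $ anchor:                       Mar Apr
first_field_matches '~'  '^[A-J]'  # character range in brackets:    Jan Feb Apr Jun Jul
```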
Q 9.) Explain how user defined functions are written in AWK, write a
function to compute factorial of a number.
Sol-
Functions are basic building blocks of a program. AWK allows us to define our
own functions. A large program can be divided into functions and each function
can be written/tested independently. It provides reusability of code.
Given below is the general format of a user-defined function.
Syntax:
function function_name(argument1, argument2, ...)
{
    function body
}
In this syntax, function_name is the name of the user-defined function. A
function name should begin with a letter, and the rest of the characters can
be any combination of numbers, alphabetic characters, or underscores. AWK's
reserved words cannot be used as function names.
Functions can accept multiple arguments separated by commas. Arguments are
not mandatory; you can also create a user-defined function without any
arguments.
The function body consists of one or more AWK statements.
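The factorial function the question asks for, as an added example that is not part of the original answer: an AWK program wrapped in a shell function so it can be run from the command line. The names fact, fact_iter and factorial are chosen here; the block also shows the AWK idiom of using extra, unsupplied parameters as local variables, which goes beyond what the text above states.

```shell
# Added example: user-defined AWK functions computing a factorial.
factorial() {
    # Reject anything that is not a non-negative integer before AWK sees it;
    # AWK would silently treat "abc" as 0 and return 1.
    case "$1" in
        ''|*[!0-9]*) echo "usage: factorial <non-negative integer>" >&2; return 1 ;;
    esac
    awk -v num="$1" '
        # Recursive form: the keyword "function", a name, a parameter list in
        # parentheses and a body of AWK statements.
        function fact(n) {
            if (n <= 1) return 1
            return n * fact(n - 1)
        }
        # Iterative form. AWK has no "local" keyword: parameters that the caller
        # never supplies (i, result) act as local variables of the function.
        function fact_iter(n,    i, result) {
            result = 1
            for (i = 2; i <= n; i++) result *= i
            return result
        }
        BEGIN {
            if (fact(num) != fact_iter(num)) exit 2   # both forms must agree
            print fact(num)
        }
    '
}

factorial 5    # prints 120
```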
Q 10.) Explain the difference between shadow password file and normal
password file in linux. Give the structure of both the files
Sol-
NORMAL PASSWORD-
Traditional Unix systems keep user account information, including one-way
hashed passwords, in a text file called /etc/passwd. As this file is used by
many tools (such as ls) to display file ownership etc. by matching user IDs
with user names, the file needs to be world-readable. Consequently, this can be
somewhat of a security risk.
1. user name: It is used when the user logs in. It should be between 1 and 32
characters in length.
2. password: An x character indicates that the encrypted password is stored in
the /etc/shadow file. Please note that you need to use the passwd command to
compute the hash of a password typed at the CLI or to store/update the hash of
the password in the /etc/shadow file.
3. user id: Each user must be assigned a user ID (UID). UID 0 (zero) is
reserved for root and UIDs 1-99 are reserved for other predefined accounts.
Further, UIDs 100-999 are reserved by the system for administrative and system
accounts/groups.
4. group id: The primary group ID (stored in the /etc/group file).
5. userid info: The comment field. It allows you to add extra information about
the user such as the user's full name, phone number etc. This field is used by
the finger command.
6. home directory: The absolute path to the directory the user will be in when
they log in. If this directory does not exist, the user's directory becomes /.
7. command/shell: The absolute path of a command or shell (/bin/bash).
Typically, this is a shell. Please note that it does not have to be a shell.
For example, a sysadmin can use the nologin shell, which acts as a replacement
shell for user accounts. If the shell is set to /sbin/nologin and the user
tries to log in to the Linux system directly, the /sbin/nologin shell closes
the connection.
SHADOW PASSWORD--
Another method of storing account information is the shadow password format.
As with the traditional method, this method stores account information in the
/etc/passwd file in a compatible format. However, the password is stored as a
single "x" character (i.e., it is not actually stored in this file). A second
file, called /etc/shadow, contains the encrypted password as well as other
information such as account or password expiration values. The /etc/shadow
file is readable only by the root account and is therefore less of a security
risk.
3. Last password change (lastchanged): The date of the last password change,
expressed as the number of days since Jan 1, 1970 (Unix time). The value 0 has
a special meaning: the user should change her password the next time she logs
in to the system. An empty field means that password aging features are
disabled.
4. Minimum: The minimum number of days required between password changes,
i.e. the number of days left before the user is allowed to change her password
again. An empty field or the value 0 means that there is no minimum password
age.
5. Maximum: The maximum number of days the password is valid, after which the
user is forced to change her password again.
6. Warn: The number of days before the password expires that the user is
warned that his/her password must be changed.
7. Inactive: The number of days after the password expires that the account is
disabled.
8. Expire: The date of expiration of the account, expressed as the number of
days since Jan 1, 1970.
The last 6 fields provide password aging and account lockout features. You
need to use the chage command to set up password aging. According to the man
page of shadow, the password field must be filled. The encrypted password
hash consists of 13 to 24 characters from the 64-character alphabet a through
z, A through Z, 0 through 9, . and /. Optionally it can start with a "$"
character, which means the encrypted password was generated using another (not
DES) algorithm. For example, if it starts with "$1$" it means the MD5-based
algorithm was used. A password field that starts with an exclamation mark (!)
means that the password is locked. The remaining characters on the line
represent the password field before the password was locked.
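As an added example (not part of the original answer), the function below reads one /etc/shadow line plus a "today" value in days since Jan 1, 1970 (passed in so the check runs offline) and reports what the fields above describe: a locked password, the hash algorithm prefix, password aging and account expiry. The name shadow_report is chosen here; the sample lines are constructed and their hashes are placeholders, not real password data. Beyond the "$1$" prefix named in the text, it also recognizes the glibc prefixes "$5$" (SHA-256) and "$6$" (SHA-512).

```shell
# Added example: interpret one /etc/shadow line (constructed data, placeholder hashes).
shadow_report() {
    printf '%s\n' "$1" | awk -F: -v today="$2" '
    {
        # Field order: 1 user, 2 password, 3 last change, 4 min, 5 max,
        # 6 warn, 7 inactive, 8 expire, 9 reserved.
        user = $1; pw = $2; last = $3; maxd = $5; expire = $8
        status = "active"
        # A leading "!" means the password is locked; the rest is the old hash.
        if (pw ~ /^!/) { status = "locked"; pw = substr(pw, 2) }
        # The "$id$" prefix names the algorithm; no "$" means classic DES;
        # "*" or an empty field carries no usable hash at all.
        if (pw == "" || pw == "*") algo = "none"
        else if (pw ~ /^\$1\$/) algo = "MD5"
        else if (pw ~ /^\$5\$/) algo = "SHA-256"
        else if (pw ~ /^\$6\$/) algo = "SHA-512"
        else if (pw ~ /^\$/) algo = "other"
        else algo = "DES"
        # Password aging: last change plus maximum age gives the expiry day.
        if (last == "") aging = "aging-disabled"
        else if (last == 0) aging = "must-change-at-next-login"
        else if (maxd != "" && last + maxd < today) aging = "password-expired"
        else aging = "password-valid"
        # Field 8 is the absolute account expiry date, independent of the password.
        if (expire != "" && expire < today) status = "account-expired"
        print user, status, algo, aging
    }'
}

# Constructed sample lines; "today" is day 19100 in all three calls.
shadow_report 'alice:$6$placeholdersalt$placeholderhash:19000:0:90:7:::' 19100
shadow_report 'bob:!$1$placeholdersalt$placeholderhash:19050:0:90:7:::' 19100
shadow_report 'svc:*:19000:::::19050:' 19100
```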