D. Farmer and W. Venema. Improving the security of your site by breaking into it. Usenet Posting to comp.security.unix, 3. Dec. 1993.
....Embedding, to proceed or to do damage. This often takes the form of a bootstrapping process: initially, the attacker starts with minimal privileges. Then, using a succession of exploits and attacks, an attacker gains successively greater privileges until he has complete control over the system [Farmer93]. Alternatively, this could be bound to the Penetration step: many services run with extensive privileges, and grant an attacker those privileges when compromised (effectively allowing an attacker to bypass this step which is why most services run with as few privileges as possible) 5. ....
....to the trusting system. Another is based on the fact that under some systems (such as some Unix variants) users can control which other machines are trusted (using the .rhosts file). A common escalation step in attacking such a host is to modify this file, to allow the attacker free access. See [Farmer93] for an example of the process involved. Social Engineering. This type of attack is one of the oldest, and most effective way of bypassing security mechanisms: fool somebody with the ability to do it for you. Variations range from guessing information based on the attacker's knowledge of the ....
Dan Farmer, Wietse Venema "Improving the Security of Your Site by Breaking Into it", ftp://ftp.porcupine.org/pub/security/admin-guide-to-cracking.101.Z, December 1993.
....world readability and its well known location make it trivial for an intruder to access the file. Therefore, some administrators create a non-world-readable shadow password file, /etc/shadow, that contains the users' actual passwords, while the /etc/passwd file contains the other information. [1, 8] 3.1.2 File System Security Each file in the UNIX file system has associated with it an inode which is part of a file descriptor that describes the properties of the file. These properties include file access permissions, linking information, and other file attributes. Directories are treated as ....
D. Farmer, W. Venema. Improving the Security of Your Site by Breaking Into It, 1993. ftp://ftp.win.tue.nl/pub/security/admin-guide-to-cracking.Z.
....be kept on an internal system that is not accessible via the Internet. To keep the system available, regular checks concerning the state of the security of the applications, the operating system and the network configuration should be carried out using appropriate tools like ISS [14] or SATAN 10 [11]. Server applications such as scripts or servlets should be checked for correctness, to prevent an attacker from using it as an entrance to the system 11 . To prove his identity the merchant should obtain a server certificate from an acknowledged and trusted CA. Integrative approaches to ....
Dan Farmer and Wietse Venema. Improving the Security of Your Site by Breaking Into it. http://wzv.tue.nl/satan/admin-guide-to-cracking.html, 1993.
.... mechanical random devices (e.g. lottery machines, dices) physical random (e.g. radioactive decay) and human behaviour (e.g. keyboard interrupt times) Multiprocessing and networking devices can also be a source of random bits [Wob98] Here's an example (adapted from the UNIX security tool SATAN [FV93]) which uses the current process and network status to generate random bits: (ps -el; netstat -na; netstat -s; ls -lLRt /dev; w) | md5 6 Note that the Message Digest 5 (MD5) [IETF RFC 1321] secure hash algorithm is used to scramble the text output of the other programs into a 16 byte sequence. ....
Dan Farmer and Wietse Venema. Improving the security of your site by breaking into it. ftp://ftp.porcupine.org/pub/security/admin-guide-to-cracking.101.Z, 1993.
....To deal with concerns about insufficient data collection mentioned in section 3, we prefer to collect too much data than too little. Thus, tools such as snoop and tcpdump help, because they are raw packet sniffers. 5 Conclusions Network security assessment was pioneered by the work on SATAN [18]. Since then, several commercial products have been released whose testing architecture is similar to that of SATAN. But these products do not always suit a security administrator's needs. In this paper, we have discussed the shortcomings with such network security assessment tools and provided a ....
Dan Farmer and Wietse Venema, Improving the Security of your Site by Breaking into it, Available from http://www.alw.nih.gov/Security/Docs/admin-guide-to-cracking.101.html.
....release process. This tool was developed by van der Hoek, Hall, Heimbigner and Wolf[1] Using the Software Release Management tool, a software user can retrieve complex software systems via the internet. Allowing users to retrieve software over the internet, however, does evoke some concern[2]. By introducing an access control layer into the SRM retrieval process, one can limit the possibility of uninvited software retrieval and usage. Access control can be used to authenticate a user and verify authorization to retrieve the requested software package. A licensing layer provides a ....
Dan Farmer, Sun Microsystems, Incorporated. Improving the Security of Your Site by Breaking Into it. Available on the world wide web at http://www.alw.nih.gov/Security/Docs/admin-guide-to-cracking.101.htm.
....is whether the students in our experiments constitute a good approximation of real attackers. In reasoning about security, the discussion often quickly reaches the point where the goal is to protect the system against the most skilled and powerful attacker in the world. The term übercracker [3] has been used for this picture of a diabolic, omnipotent adversary. We did not wish to investigate the übercracker, partly because most people in the security community are already doing that. We wanted to see how ordinary computer users with academic training in computer science and ....
Dan Farmer and Wietse Venema. Improving the security of your site by breaking into it. Posted on comp.security.unix and several other Usenet newsgroups, December 1993.
....the status quo in security analysis. 2 Penetrate and patch, tiger teams, and the status quo A number of software tools have been developed in recent years to support post facto security analysis of installed computer systems. Perhaps the most popularly known network scanning tool is SATAN [5]. SATAN was developed by Dan Farmer and Wietse Venema to probe hosts on a network domain for known security vulnerabilities. While the flaws that SATAN detects and the tests SATAN uses are not novel, the graphical interface and ease of use were both innovative when SATAN was released. SATAN's ....
D. Farmer and W. Venema. Improving the security of your site by breaking into it. Available by ftp from ftp://ftp.win.tue.nl/pub/security/admin-guide-to-cracking.101.Z, 1993.
....will. Intruders having penetrated a system often have methods to gain the highest privileges when they can access a shell. Therefore it is important to protect shells against unauthorized usage. The established protocols for remote shell usage are intrinsically insecure (telnet, rlogin, rsh, etc.) [Cur92, FV93, CB94, CZ95, SH95, GS96, Jon95, Kla95, dari96]. Several protocol enhancements have been proposed and standardized in the past but most of them have never been widely accepted 1 [Bor93a, RFC 1411] [Ala93, RFC 1412] [Bor93b, RFC 1416] [HM96, RFC 1938] [Lin96, RFC 1964] etc. This does not apply to one approach to secure remote shells, ....
....If SSH supports the mediation of X11 traffic the resistance of the user's machine does not merely depend on its own security but also on the overall security of the remote shell hosts in use. This situation recalls problems usually known from trust networks such as employed by rlogin, rsh, etc. [FV93, dari96]. In case one of the remotely used SSH server hosts is infiltrated, evil might befall the SSH client machine. Keep in mind that the attack described is only feasible during the exploited SSH channel's lifetime. 6 Countermeasures As anticipated above the SSH client host's X server needs to be ....
Dan Farmer and Wietse Zweitze Venema. Improving the security of your site by breaking into it, 1993.
....the views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of the defense advanced research projects agency or the u.s. government. level vulnerabilities for a given site [2, 3, 9, 5]. These tools do not provide an assessment of an organization's vulnerability to novel threats against vulnerable software. Recognizing that 90% of military systems use commercial architectures [10] the problem of untrusted software becomes of critical importance to those concerned with ....
D. Farmer and W. Venema. Improving the security of your site by breaking into it. Available by ftp from ftp://ftp.win.tue.nl/pub/security/admin-guide-to-cracking.101.Z, 1993.
....or its administrative procedures, that cause it to enter a vulnerable state. That attackers can, and do, exploit system vulnerabilities is widely known; indeed, detailed descriptions of how to find vulnerable states have appeared in various periodicals such as PHRACK and 2600, and on the USENET [1]. All these discussions essentially show how to probe a system for clues that indicate the system is running software known to be vulnerable, or that it is being managed in such a way as to allow an attacker to exploit a vulnerability. The issue of how to find the underlying vulnerabilities in the ....
....the TCP specification was released) 3.12. Summary Figure 2 summarizes the number of flaws in this section on each axis of the classification scheme. As more flaws are classified (and we emphasize that the 9 listed are by no means exhaustive; for example, of the many flaws listed in [1], most are problems in configuring the protection domain, and experience shows these should be more dominant than in our sample) the data in these charts will become more complete, and more accurate conclusions can be drawn. For now, the most interesting statistic is the location of the first ....
Dan Farmer and Wietse Venema, "Improving the Security of Your Site by Breaking Into It," USENET posting (Dec. 1993)
....penetrate and patch tactics were the domain of elite security professionals and consultants whose methods and tools were as secretive as their services were expensive. More recently, many of their methods and tools have been captured in public domain security tools like Satan, COPS, ISS, and TAMU [2, 3, 7, 6]. These tools have been hailed as bringing computer security analysis to the average desktop computer user. They have also been criticized for putting years of security experience into the hands of computer crackers in the form of simple point-and-click tools. It is exactly these sorts of tools ....
D. Farmer and W. Venema. Improving the security of your site by breaking into it. Available by ftp from ftp://ftp.win.tue.nl/pub/security/admin-guide-to-cracking.101.Z, 1993.
.... domains (see Schuba and Spafford(August 1993) 5 ) Information about common weaknesses has been brought into the open by various commentators, in an attempt to alert system administrators to the mechanisms of attack, for example see Improving the Security of your Site by Breaking into it 6 [Farmer and Venema(1993)] however the techniques described were used in the cracking incident described in this report. The Need For Tripwire Nov 14, 1994 5 Vendors typically supply unix in open configuration with most services available. Enabling NFS, may enable various R commands (finger, rusers) which give ....
Dan Farmer and Wietse Venema, Improving the Security of Your Site by Breaking into it, ftp admin-guide-to-cracking.101.Z ftp.win.tue.nl 7
....A key problem is to select which intrusions to simulate. The testers should first collect as much intrusion data as possible. For UNIX systems, [20] and [5] report that intrusion data can be obtained from various sources, such as CERT advisories, periodicals such as PHRACK and 2600, and the USENET [10], and also by analyzing the vulnerabilities detected by security tools such as COPS [11] and TIGER [30]. Next, assuming that the number of intrusions is too large to simulate all of them, the testers must partition the set of intrusions into classes, and then create a representative subset of ....
D. Farmer and W. Venema, "Improving the Security of Your Site by Breaking Into It," USENET posting, December 1993.
....of UNIX. 2. Related Work An Intrusion Detection System (IDS) continuously monitors some dynamic behavioral characteristics of a computer system to determine if an intrusion has occurred. This definition excludes many useful computer security methods. Security analysis tools, such as SATAN [16] and COPS [15] are used to scan a system for weaknesses and possible security holes. They are not IDS because they do not monitor some dynamic characteristic of the system for intrusions or evidence of intrusions, rather they scan the system for weaknesses such as configuration errors or poor ....
Farmer D, Venema W. Improving the Security of your Site by Breaking into It. ftp://ftp.win.tue.nl/pub/security/admin-guide-to-cracking.101.Z. 1995.
....found are: lists 7.4 common names 4.0 user account name 2.7 phrases and patterns 1.8 women's names 1.2 men's names 1.0 machinenames 1.0 Comparing these results to the ones above is of little use because of the limited extent of this investigation. A somewhat more extensive research (see [Far]) was concerned with passwordfiles of several .COM systems (computers owned by US companies) One would expect companies to have good security measurements, but the passwords kept coming in, with the first root password ( after little more than an hour. There was a total of 1594 passwords of ....
DAN FARMER, WIETSE VENEMA, Improving the Security of Your Site by Breaking Into it, USENET newsgroup comp.security.unix, can be obtained by anonymous ftp from ftp.win.tue.nl as /pub/security/admin-guide-to-cracking.Z , 1993.
No context found.
D. Farmer and W. Venema. Improving the security of your site by breaking into it. Usenet Posting to comp.security.unix, 3. Dec. 1993.
No context found.
Dan Farmer and Wietse Venema. Improving the security of your site by breaking into it. http://www.trouble.org/security/admin-guide-to-cracking.html, December 1993.
No context found.
D. Farmer and W. Venema, Improving the Security of Your Site by Breaking Into It, USENET posting, December 1993.
No context found.
Farmer, Dan and Wietse Venema, "Improving the Security of Your Site by Breaking Into It," Computer Security Newsgroup, 1993.