Linux Local Security about Passwords and Data NZPAPER.BLOGSPOT.COM. Nz Paper Linux and Web Application Security. Zeeshan Khan 4/15/2013

Size: px

Start display at page:

Download "Linux Local Security about Passwords and Data NZPAPER.BLOGSPOT.COM. Nz Paper Linux and Web Application Security. Zeeshan Khan 4/15/2013"

Adrian Conley
5 years ago
Views:

1 1 Linux Local Security about Passwords and Data NZPAPER.BLOGSPOT.COM Nz Paper Linux and Web Application Security Zeeshan Khan 4/15/2013

2 2 Abstract: As Passwords and other Linux Data play an important role in overall system security, this paper is intended to discuss the basics of Linux security for passwords and other important data accessing. Keywords: Linux Security, Password Security, Security, Linux OS

3 3 Introduction In this article, we will try to look at some possible local Linux attacks on Data and Passwords. As Linux is a multi user OS, so managing and controlling access to user accounts can be protected by caring about Local Attacks. Any attacker who managed to break into the system, will perform local actions to get passwords, escape privileges, or occupying disc space of any user. This paper, contains some of the local attacks carried out against passwords and system data, and options for how to protect from such attacks. Later, after reading you can assess the security level of your said concerns. Details Basically, there may be Two common types of attacks an attacker performs locally. Password Attacks and Data Attacks. In Password Attacks, the attackers aim is to dump or gain the password of any user (or all system passwords), so that he will be able to go to extend his privileges by getting passwords. The second attack, the Data Attack, is carried out to gain access to sensitive data related to system, or user files. The system data contain the mounting points of the disc, as well as configuration files. With access to these files, the attacker can do lots of things, including stealing data, changing the configurations of user and different services. The attacker can also change the way your system, or system devices work. Both the attacks are very dangerous for the system, as with a good knowledge of attacker, any possible damage can be happened. Discussing about Password Attack, any action taken to gain access to password files, including cracking, stealing, deleting or decryption are the password attacks. Linux generates and stores passwords in /etc/passwd file, which is world readable. The philosophy why this file is world readable, is because various tools and all of users has the right to use it for their purposes. Their tools need to access the file in order to make work properly. The information in this file should not be made public, but it is shared with almost all users of the system. Here, it is better to view the /etc/passwd file by cat /etc/passwd command and disable all the accounts not in use currently. The second security measure is to install a utility tool which can decrypt the said file for controlled access, so that no one else has the power to use this file. Another possible measure is to allow this file to only those users who have an extreme need to use this file, as you will need this case when you run a local network. Another way to protect this file is, to encourage the users to use complex passwords to avoid dictionary attacks from guessing the passwords easily. The powerful method, which is also implemented in earlier flavors of Linux, is to use Shadow system, in which the /etc/passwd remains readable but no longer contains passwords. There are, of course, a high number of

4 4 attacks against passwords, which are usually missed by admins having low knowledge. Take some time to research about security and, for sure you will feel that how much you are still vulnerable to such attacks. Security is hard, remember! Let's discuss about Data Attacks. The next type of attack a local attacker may want to perform is Data attacks. The aim of such attacks is to gain access to user sensitive files as well as gaining access to system configuration files. One of the points, the storage of the online billing system is almost kept in plain text format usually, that's why the Data attacks are carried out to get this information. Second, the configuration files responsible for users and groups, when accessed once, can lead to escape privilege the attacker to Root user. The security measure taken from such attacks, include Data Encryption using appropriate way, including Public or Private Keys. There are lots of tools used for Data Encryption, for example Mcrypt tool is used for Encryption purposes. Similarly File and Directory Permissions play an important role in access level. There is no rocket science in keeping the things secured up to satisfied level. You should include a security step, at the time when different things are taking place. For example: Don't install a third party package before you do your proper satisfaction of its safeness. Similarly, check the system log on a daily basis, and it would be so good to have a tool which prompts you, when a suspected log is found in System Logs. Finally, the security starts from a person's mind. In the above lines, we discussed how can Local Password and Data Attacks affect a system up to Root level privileges. By reading and researching further, you can make a good state of your system to keep your passwords secured from common attacks. You are responsible for your system yourself, nothing can protect you if you do not want to work. That's why every article has lots of security measures hidden, if followed by attackers, can lead them to compromise your system, because you don't follow them. Ok, great, thanks for reading. Conclusion Linux is an Open Source operating system, which means any skilled user can customize the system according to his choice. The customization of Linux components gives maximum benefit to user, but open the door for potential weaknesses too. In a case like this, the system owner must have proper concerns to the sensitive areas of the system like Password files and other data. Proper file permissions as well as automated looking after the files, is a great way to key them secured.

5 References 1. tldp.org. Password Security and Encryption. Tldp.org Nanni, Dan. How to Set Password Policy on Linux. Xmodulo.com linuxtopia.org. Password Security. Linuxtopia.org. /s1-wstation-pass.html 5

Penetration Testing Scope

Penetration Testing Scope Discussing the key areas of the Penetration Testing process 4/18/2013 Nz Paper Linux and Web Application Security - nzpaper.blogspot.com Zeeshan Khan 2 Abstract: The aim of this