  Grading defense against Linux server attacks
  Add Date : 2017-08-31      
  As Linux has spread through business applications, a large number of network servers now run the Linux operating system, and the security of Linux servers is receiving more and more attention. This article lists attacks on Linux servers by depth level and proposes different solutions for each.

An attack on a Linux server is defined as an unauthorized act intended to interfere with, damage, weaken or undermine the security of the server. Attacks range from denial of service up to the compromise and destruction of the Linux server. There are many types of attack on Linux servers; this article classifies them by attack depth into four levels.

Attack Level I: Denial of Service (DoS)

Because DoS attack tools have proliferated and the protocol-layer defects they rely on cannot be changed in the short term, DoS has become the most widespread attack and the most difficult to guard against.

Denial-of-service attacks include distributed denial of service, reflective distributed denial of service, DNS distributed denial of service, and FTP attacks. Most denial-of-service attacks carry relatively low risk; even those that can cause the system to restart are only a temporary problem. Such attacks differ largely from attacks that aim to gain control of the network: they generally do not affect data security, but a denial-of-service attack can continue for a long time and is very hard to deal with.

So far there is no absolute way to stop such attacks, but that does not mean nothing can be done. Besides stressing that each individual host must be hardened so that it cannot be exploited, strengthening the management of the server is a very important part. Be sure to install verification and filtering software that checks whether a packet's source address is its real address. In addition, the following measures can be used against several kinds of denial of service: close unnecessary services, limit the number of SYN half-open connections open at the same time, shorten the timeout of SYN half-open connections, and keep system patches up to date.
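The SYN and source-address measures above map onto Linux kernel settings. The following audit script is an added example, not part of the original article: the sysctl keys are real Linux keys, but the thresholds, the inclusion of `net.ipv4.tcp_syncookies`, and the sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Audit the kernel settings behind the measures named in the text:
#   - shorter lifetime of SYN half-open connections (tcp_synack_retries)
#   - checking that a packet's source address is plausible (rp_filter)
#   - SYN cookies (assumption: not named in the article, commonly paired with the above)
# Thresholds are illustrative assumptions, not values from the article.

# Constructed sample in `sysctl -a` output format, so the audit runs offline.
SAMPLE_SYSCTL='net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_synack_retries = 5
net.ipv4.conf.all.rp_filter = 1
net.ipv4.ip_forward = 0'

# audit_syn_settings: read "key = value" lines on stdin and print
#   WEAK <key>=<value> (want <op> <n>)   for a setting that misses the baseline
#   MISSING <key>                        for a baseline key absent from the input
audit_syn_settings() {
    awk -F' *= *' '
    BEGIN {
        # key -> "op threshold"; ge means at least, le means at most
        want["net.ipv4.tcp_syncookies"]     = "ge 1"
        want["net.ipv4.tcp_synack_retries"] = "le 3"
        want["net.ipv4.conf.all.rp_filter"] = "ge 1"
    }
    ($1 in want) {
        seen[$1] = 1
        split(want[$1], w, " ")
        low  = (w[1] == "ge" && $2 + 0 < w[2] + 0)
        high = (w[1] == "le" && $2 + 0 > w[2] + 0)
        if (low || high)
            printf "WEAK %s=%s (want %s %s)\n", $1, $2, w[1], w[2]
    }
    END {
        for (k in want)
            if (!(k in seen)) printf "MISSING %s\n", k
    }'
}

# Run against the constructed sample.
# On a live host: sysctl -a 2>/dev/null | audit_syn_settings
printf '%s\n' "$SAMPLE_SYSCTL" | audit_syn_settings
```

A setting reported as WEAK can be corrected with `sysctl -w key=value` and made persistent in `/etc/sysctl.conf`.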

Attack Level II: local users obtain read and write access to files they are not authorized for

A local user is a user who has a password on any machine in the local network and therefore has a directory on some drive. Whether a local user gaining unauthorized read and write access to files is dangerous depends largely on how critical the accessed files are. Letting any local user freely access the temporary file directory (/tmp) is dangerous, because it can potentially pave a path to the next level of attack.

The main Level II attack method is this: hackers trick legitimate users into disclosing confidential information or performing tasks. Sometimes hackers pretend to be network managers and send a user a message asking him to upgrade his system password.

Attack Level IV: remote users gain root privileges

The fourth level refers to attacks that should never be allowed to happen; they are deadly. Having root, superuser or administrator permissions means the attacker can read, write and execute all files on the Linux server. In other words, the attacker has full control over the Linux server and can shut it down completely at any time or even destroy the network.

The main forms of Level IV attack are TCP/IP continuous theft, passive channel listening and packet interception. All three are ways of gathering important information in order to get into the network. Unlike denial-of-service attacks, these methods are closer in nature to theft, and are more concealed and harder to detect. A successful TCP/IP attack lets hackers block transactions between two parties and provides a good opportunity for a man-in-the-middle attack, after which the hackers control the transactions of one or both parties without the victims noticing. Through passive eavesdropping, hackers can manipulate and register information and deliver files, and can find, across all available channels, the fatal weak points through which the target system can be reached. Hackers look for the combination of a connection and a password in order to recognize legitimate channels. Packet interception means binding an active listener program on the target system to intercept and change all or specific information. Information can be redirected to an illegitimate system to be read and then returned unchanged to the hacker.

TCP/IP continuous theft is in practice network sniffing. If you believe someone has attached a sniffer to your network, there are tools you can use to verify it. One such tool is the time domain reflectometer (TDR). A TDR measures the propagation of electromagnetic waves and changes in it. Connected to the network, a TDR can detect unauthorized equipment that is accessing network data. However, many small and medium-sized companies do not have such expensive tools.

The best ways to defend against sniffer attacks are:

1. Secure topology. A sniffer can only capture data on the current network segment. This means that the more finely the network is segmented, the less information a sniffer can collect.

2. Session encryption. Instead of worrying specifically about data being sniffed, find a way to make the sniffed data unintelligible to the sniffer. The advantage of this approach is obvious: even if the attacker sniffs the data, it is of no use to him.

Special note: countermeasures for dealing with attacks

Attacks above the second level deserve special attention, because the attacker can keep raising the attack level to penetrate the Linux server. In this case, the countermeasures we can take are:

First, back up important business-critical data.

Change all passwords on the system, and notify users to get a new password from the system administrator.