  Grading defense against Linux server attacks
  Add Date : 2017-08-31      
  As Linux is adopted more widely in business, a large number of network servers now run the Linux operating system. The security of Linux servers is receiving more and more attention. This article lists attacks on Linux servers by depth level and proposes different solutions for each.

A Linux server attack is defined here as an unauthorized act designed to interfere with, damage, weaken, or undermine the security of a Linux server. Attacks range from denial of service to harming and destroying the Linux server. There are many types of Linux server attack; from the point of view of attack depth, this article divides them into four levels.

Attack Level I: Denial of Service (DoS)

Because DoS attack tools have proliferated and the protocol-layer flaws they exploit cannot be changed in the short term, DoS has become the most widespread attack and the most difficult to guard against.

Denial of service attacks include distributed denial of service attacks, reflective distributed denial of service attacks, DNS distributed denial of service attacks, and FTP attacks. Most denial of service attacks pose a relatively low risk; even those that may cause the system to restart are only a temporary problem. Such attacks differ largely from those that aim to gain control of the network and generally do not affect data security, but a denial of service attack can continue for a long time and is very hard to deal with.

So far, there is no absolute way to stop such attacks. But that does not mean nothing can be done. Besides stressing the importance of hardening individual hosts so that they are not exploited, strengthening the management of the server is a very important part. Be sure to install verification and filtering software that checks whether the source address of each packet is its real address. In addition, the following measures can be used against several kinds of denial of service: close unnecessary services, limit the number of SYN half-open connections open simultaneously, shorten the timeout of SYN half-open connections, and keep system patches up to date.
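
On Linux, the SYN-related measures above map onto kernel settings: `net.ipv4.tcp_synack_retries` controls how long a half-open connection is retried before it is dropped, `net.ipv4.tcp_syncookies` lets the server keep answering when the half-open queue is full, and `net.ipv4.conf.all.rp_filter` enables source-address validation. The following added example (not part of the original article) audits `sysctl -a` style output against a policy. The policy bounds and the sample input are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit SYN-flood and source-validation sysctls.
# Bounds are illustrative assumptions, not values from the article.
# Format: "key op bound" entries separated by ";" (op is min or max).
SYN_POLICY='net.ipv4.tcp_syncookies min 1;net.ipv4.tcp_synack_retries max 3;net.ipv4.conf.all.rp_filter min 1'

# audit_syn_settings: reads "key = value" lines (sysctl -a format) on stdin
# and prints one FAIL/MISSING line per policy violation, nothing if compliant.
audit_syn_settings() {
    awk -v policy="$SYN_POLICY" '
        BEGIN {
            n = split(policy, rows, ";")
            for (i = 1; i <= n; i++) {
                split(rows[i], f, " ")
                keys[i] = f[1]; op[f[1]] = f[2]; bound[f[1]] = f[3] + 0
            }
        }
        {
            # Split on the first "=" and trim blanks on both sides.
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k in op) seen[k] = v + 0
        }
        END {
            for (i = 1; i <= n; i++) {
                k = keys[i]
                if (!(k in seen))
                    print "MISSING " k
                else if (op[k] == "min" && seen[k] < bound[k])
                    print "FAIL " k "=" seen[k] " (want >= " bound[k] ")"
                else if (op[k] == "max" && seen[k] > bound[k])
                    print "FAIL " k "=" seen[k] " (want <= " bound[k] ")"
            }
        }'
}

# Constructed sample input (not captured from a real host).
SAMPLE='net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_synack_retries = 5
net.ipv4.tcp_max_syn_backlog = 128'

# On a live host: sysctl -a 2>/dev/null | audit_syn_settings
printf '%s\n' "$SAMPLE" | audit_syn_settings
```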

Attack Level II: local users obtain read and write access to files they are not authorized for

A local user is a user who has a password on any machine in the local network and therefore has a directory on some drive. Whether local users gaining read and write access to files they are not authorized for is dangerous depends largely on how critical the accessed files are. Letting any local user freely access the temporary file directory (/tmp) is dangerous, because it can potentially pave a path to the next level of attack.

The main Level II attack method is for hackers to trick legitimate users into revealing confidential information or performing tasks. Sometimes a hacker poses as a network administrator and sends a user a message asking him to upgrade his system password.

Attack Level IV: remote users gain root privileges

Level IV covers attacks that should never happen; they are fatal. Root, superuser, or administrator privileges mean that the attacker can read, write, and execute all files on the Linux server. In other words, the attacker has full control over the Linux server and can completely shut down or even destroy the network at any time.

The main forms of Level IV attack are TCP/IP continuous theft, passive channel listening, and packet interception. These are methods of gathering important information in order to get into the network. Unlike denial of service attacks, they are closer in nature to theft, and are more concealed and harder to detect. A successful TCP/IP attack lets a hacker block transactions between two parties, which provides a good opportunity for a man-in-the-middle attack; the hacker can then control the transactions of one or both parties without the victims noticing. Through passive listening, hackers can manipulate and register information, deliver files, and find the weak points through which the target system can be reached from all available channels. Hackers look for online connections and passwords in order to identify legitimate channels. Packet interception means binding an active listener program to the target system to intercept and change all or specific address information. Information can be redirected to an illegal system to be read, then returned unchanged to the hacker.

TCP/IP continuous theft is, in practice, network sniffing. If you believe that someone has attached a sniffer to your network, there are tools you can use to verify it. One such tool is the Time Domain Reflectometer (TDR). A TDR measures the propagation of electromagnetic waves and changes in it. Connected to the network, a TDR can detect devices that are accessing network data without authorization. However, many small and medium-sized companies do not have such expensive tools.
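
Where no TDR is available, a host-level check can at least show whether an interface on a server you administer has been put into promiscuous mode, which is what a sniffer running on that host needs. The following is an added example, not from the original article; it reads the kernel's interface flags from `/sys/class/net` and cannot detect a passive tap elsewhere on the segment.

```shell
#!/bin/sh
# Added example: list interfaces whose kernel flags include IFF_PROMISC.
# Only covers hosts you administer; it cannot see a passive tap on the wire.

IFF_PROMISC=256   # 0x100, from <linux/if.h>

# promisc_interfaces [SYSFS_NET_DIR]
# Prints the name of every interface in promiscuous mode, one per line.
# The directory argument exists so the check can be run against a copy.
promisc_interfaces() {
    net_dir=${1:-/sys/class/net}
    for iface in "$net_dir"/*; do
        [ -r "$iface/flags" ] || continue
        flags=$(cat "$iface/flags")            # e.g. 0x1103
        # Accept only 0x-prefixed hex so nothing else reaches the arithmetic.
        case $flags in
            0x*) hex=${flags#0x} ;;
            *)   continue ;;
        esac
        case $hex in
            ''|*[!0-9a-fA-F]*) continue ;;
        esac
        if [ $(( 0x$hex & IFF_PROMISC )) -ne 0 ]; then
            basename "$iface"
        fi
    done
}

# On a live host this inspects the real interfaces.
promisc_interfaces
```

An interface reported here is not proof of an intrusion (packet capture tools, bridges, and some virtualization setups also enable promiscuous mode), so treat each hit as something to explain.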

The best ways to defend against sniffer attacks are:

1. Secure topology. A sniffer can only capture data on the current network segment. This means that the more finely the network is segmented, the less information a sniffer can collect.

2. Session encryption. Rather than worrying specifically about data being sniffed, find ways to make the sniffed data unintelligible to the sniffer. The advantage of this approach is obvious: even if the attacker sniffs the data, it is of no use to him.

Special Note: counter-measures to deal with attacks

Attacks above Level II deserve special attention, because they can keep escalating the attack level to penetrate the Linux server. In this case, the countermeasures we can take are:

First, back up important business-critical data.

Change all passwords on the system, and notify users to get a new password from the system administrator.
  CopyRight 2002-2020 newfreesoft.com, All Rights Reserved.