With the expansion of Linux business applications, a large number of network servers now run the Linux operating system, and the security of Linux servers is receiving more and more attention. This article lists the attacks a Linux server faces, ordered by their depth, and proposes countermeasures for each level.
An attack on a Linux server is defined as an unauthorized act intended to interfere with, damage, weaken or undermine the security of the server. Attacks range from denial of service up to the compromise and destruction of the server. There are many types of attack on Linux servers; from the point of view of attack depth, this article divides them into four levels.
Attack Level I: Denial of Service (DoS)
Because DoS attack tools have proliferated, and the defects in the protocol layer that they exploit cannot be changed in the short term, DoS has become the most widespread attack and the most difficult to guard against.
Denial of service attacks include distributed denial of service (DDoS), reflective distributed denial of service, DNS distributed denial of service and FTP attacks. Most denial of service attacks carry relatively low risk; even those that cause the system to restart are only a temporary problem. Such attacks are very different from attacks whose aim is to gain control of the network, and generally they do not compromise data, but a denial of service attack can continue for a long time and is very tough to deal with.
So far there is no absolute way to stop such attacks, but that does not mean we should not fight them. Besides hardening each individual host so that it cannot be exploited, strengthening the management of the server is a very important part. Be sure to install software that verifies and filters packets and checks whether a packet's source address is genuine. In addition, several measures help against denial of service: close unnecessary services, limit the number of SYN half-open connections allowed at the same time, shorten the timeout of SYN half-open connections, and keep system patches up to date.
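The SYN-related measures above map directly onto Linux kernel settings. The following script is an added example, not part of the original article: it audits a sysctl listing for SYN cookies, the half-open connection backlog and the SYN-ACK retry count (which controls how long a half-open connection lives). SAMPLE_SYSCTL is a constructed, deliberately weak configuration; the thresholds of 1024 for the backlog and 3 for the retries are assumed reasonable values, not numbers from the article.

```shell
#!/bin/sh
# Added example (not from the original article): audit the SYN-flood hardening
# settings the article recommends, i.e. limit half-open connections and shorten
# their timeout. It reads a sysctl-style "key = value" listing; SAMPLE_SYSCTL
# is a constructed, deliberately weak configuration so the script runs offline.
# On a live host, feed it `sysctl -a 2>/dev/null` instead.
# Thresholds (backlog >= 1024, synack_retries <= 3) are assumed sane values.

SAMPLE_SYSCTL='net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_max_syn_backlog = 128
net.ipv4.tcp_synack_retries = 5'

# get_sysctl <listing> <key>: print the value of <key> (first match), empty if absent
get_sysctl() {
    printf '%s\n' "$1" | awk -v k="$2" -F' *= *' '$1 == k { print $2; exit }'
}

# audit_syn_settings <listing>: print one line per weak setting and return
# the number of findings (0 means every check passed)
audit_syn_settings() {
    listing=$1
    findings=0
    v=$(get_sysctl "$listing" net.ipv4.tcp_syncookies)
    if [ "${v:-0}" -ne 1 ]; then
        echo "WEAK net.ipv4.tcp_syncookies=${v:-unset}: enable SYN cookies (set to 1)"
        findings=$((findings + 1))
    fi
    v=$(get_sysctl "$listing" net.ipv4.tcp_max_syn_backlog)
    if [ "${v:-0}" -lt 1024 ]; then
        echo "WEAK net.ipv4.tcp_max_syn_backlog=${v:-unset}: raise the half-open queue (e.g. 2048)"
        findings=$((findings + 1))
    fi
    v=$(get_sysctl "$listing" net.ipv4.tcp_synack_retries)
    if [ "${v:-5}" -gt 3 ]; then
        echo "WEAK net.ipv4.tcp_synack_retries=${v:-unset}: fewer retries shorten the half-open timeout (e.g. 2)"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Example run against the constructed sample (reports three weak settings):
# audit_syn_settings "$SAMPLE_SYSCTL"
```

To apply the hardened values persistently, put the corresponding `key = value` lines in /etc/sysctl.conf and reload with `sysctl -p`.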
Attack Level II: local users obtain read and write access to files they are not authorized for
A local user means anyone who has a password on any machine on the local network, so that the user owns a directory on a drive. How dangerous it is for local users to gain read and write access to files they are not authorized for depends largely on whether the files being accessed are critical. Unrestricted access by any local user to the temporary file directory (/tmp) is dangerous, because it can potentially pave a path to the next level of attack.
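One concrete form of the /tmp risk is a shared directory that every local user can write to but that lacks the sticky bit, so any user can delete or replace another user's files. The script below is an added example, not from the original article; it finds such directories using only find(1), and the test directories it is meant to be run on are created separately.

```shell
#!/bin/sh
# Added example (not from the original article): list directories that every
# local user can write to but that lack the sticky bit. In such a directory any
# user can delete or replace another user's files, which is the /tmp risk the
# article describes (/tmp itself should be mode 1777). Uses only find(1).

# dir_is_safe_shared <dir>: return 0 if <dir> is either not world-writable or
# world-writable with the sticky bit set, 1 otherwise
dir_is_safe_shared() {
    [ -z "$(find "$1" -maxdepth 0 -type d -perm -0002 ! -perm -1000)" ]
}

# world_writable_no_sticky <root>: print every offending directory under <root>,
# one per line; return 0 when none is found, 1 otherwise
world_writable_no_sticky() {
    found=$(find "$1" -type d -perm -0002 ! -perm -1000 2>/dev/null)
    [ -n "$found" ] && printf '%s\n' "$found"
    [ -z "$found" ]
}

# Typical use on a live host (prints nothing on a correctly configured system):
# world_writable_no_sticky / || echo "fix with: chmod 1777 <dir>, or remove o+w"
```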
The main form of Level II attack is: hackers trick legitimate users into revealing their confidential information or performing tasks; sometimes a hacker will send a message to a user pretending to be the network administrator, asking the user to update his system password.
Attack Level IV: remote users gain root privileges
The fourth level refers to attacks that should never happen; they are deadly attacks. Root, super user or administrator permission means the attacker owns the Linux server and can read, write and execute all files. In other words, the attacker has full control over the Linux server and can completely shut down, or even destroy, the network at any time.
The main forms of Level IV attack are TCP/IP session hijacking, passive channel listening and packet interception. These are methods of gathering important information from the network; unlike denial of service attacks, they are more like theft in nature, more concealed and harder to detect. A successful TCP/IP attack lets a hacker intercept the transactions between two parties, which provides a good opportunity for a man-in-the-middle attack; the hacker then controls the transaction with one or both parties without the victims noticing. Through passive wiretapping, hackers can manipulate and record information and file services, and can also find the Achilles' heel of the target system from every channel available, looking for passwords and for the channels through which applications identify legitimate users. Packet interception refers to binding an active listening program to the target system to intercept and change all information, or the information for specific addresses. Information can be redirected to an illegal system to be read and changed, and then returned as though it had never been altered.
TCP/IP session hijacking is in practice network sniffing. Note that if you believe someone has placed a sniffer on your network, there are tools to verify it. One such tool is the Time Domain Reflectometer (TDR), which measures changes in electromagnetic wave propagation. A TDR connected to the network can detect unauthorized devices accessing network data. However, many small and medium companies do not have such an expensive tool.
The best ways to prevent sniffer attacks are:
1. Secure topology. A sniffer can only capture data on its current network segment. This means that the more finely the network is segmented, the less information a sniffer can collect.
2. Session encryption. Rather than worrying particularly about data being sniffed, find ways to make sure the sniffer cannot understand the data it captures. The advantage of this approach is obvious: even if an attacker sniffs the data, it is of no use to him.
Special note: counter-measures for dealing with attacks
Attacks above Level II deserve special attention, because attackers can continue to raise the attack level to penetrate the Linux server. In this case the counter-measures we can take are:
First, back up important business-critical data.
Change all system passwords and notify users to get a new password from the system administrator.