User guide

Common Exploits and Attacks
explanations of how they are performed and how administrators can properly safeguard their network
against such attacks.
Table 1.1. Common Exploits (columns: Exploit, Description, Notes)

Exploit: Null or Default Passwords
Description: Leaving administrative passwords blank or using a default password set by the product vendor. This is most common in hardware such as routers and firewalls, though some services that run on Linux can contain default administrator passwords (Red Hat Enterprise Linux does not ship with any).
Notes: Commonly associated with networking hardware such as routers, firewalls, VPNs, and network attached storage (NAS) appliances. Common in many legacy operating systems, especially those that bundle services (such as UNIX and Windows). Administrators sometimes create privileged user accounts in a rush and leave the password null, creating a perfect entry point for malicious users who discover the account.

Exploit: Default Shared Keys
Description: Secure services sometimes package default security keys for development or evaluation testing purposes. If these keys are left unchanged and the system is placed in a production environment on the Internet, every user who holds the same default keys has access to that shared-key resource and to any sensitive information it contains.
Notes: Most common in wireless access points and preconfigured secure server appliances.

Exploit: IP Spoofing
Description: A remote machine forges packets so that it appears to be a node on your local network, finds vulnerabilities in your servers, and installs a backdoor program or trojan horse to gain control over your network resources.
Notes: Spoofing is quite difficult, because the attacker must predict the target's TCP sequence numbers to complete a connection without seeing its replies, but several tools are available to assist crackers in carrying out such an attack. It depends on the target system running services (such as rsh, telnet, FTP and others) that use source-address-based authentication, which is not recommended when compared to PKI or other forms of encrypted authentication used in ssh or SSL/TLS.

Exploit: Eavesdropping
Description: Collecting data that passes between two active nodes on a network by listening in on the connection between them.
Notes: This type of attack works mostly with plain text transmission protocols such as Telnet, FTP, and HTTP. A remote attacker must have access to a compromised system on the LAN in order to perform such an attack; usually the cracker has first used an active attack (such as IP spoofing or man-in-the-middle) to compromise a system on the LAN.
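The "Null or Default Passwords" row warns about privileged accounts created in a rush and left without a password. The traditional one-line check is awk -F: '($2 == "") {print $1}' /etc/shadow, run as root; the script below is an added example (not part of the Red Hat guide) that performs the same audit over passwd/shadow-format text and also reports extra UID-0 accounts and accounts with no shadow entry. The account data in it is constructed sample input, not a real system's files.

```python
"""Audit passwd/shadow-format data for null passwords and extra UID-0 accounts.

Added example, not from the Red Hat guide. SAMPLE_PASSWD and SAMPLE_SHADOW are
constructed; on a real host read /etc/passwd and /etc/shadow as root and pass
their contents to audit_accounts().
"""

# Constructed sample data in /etc/passwd and /etc/shadow format.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
backup:x:0:0:emergency admin:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
svc:x:1001:1001:service:/var/svc:/sbin/nologin
"""

SAMPLE_SHADOW = """\
root:$6$saltsalt$hashhashhash:19000:0:99999:7:::
bin:*:19000:0:99999:7:::
backup::19000:0:99999:7:::
alice:$6$saltsalt$hashhashhash:19000:0:99999:7:::
svc:!!:19000:0:99999:7:::
"""


def parse_colon_file(text):
    """Return {account: [fields]} for a colon-separated account file.

    Blank lines and '#' comments are skipped; the account name is field 0.
    """
    rows = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        rows[fields[0]] = fields
    return rows


def audit_accounts(passwd_text, shadow_text):
    """Return a sorted list of (account, finding) tuples.

    Findings:
      null-password    empty password field (in passwd or shadow): login with no password
      uid-0            an account other than root whose UID is 0
      no-shadow-entry  passwd account with an 'x' placeholder but no shadow line
    Locked accounts ('*', '!' or '!!' in the hash field) are not reported.
    """
    passwd = parse_colon_file(passwd_text)
    shadow = parse_colon_file(shadow_text)
    findings = []
    for name, fields in passwd.items():
        if int(fields[2]) == 0 and name != "root":
            findings.append((name, "uid-0"))
        if fields[1] == "":
            # Old-style passwd with the hash inline, and it is empty
            findings.append((name, "null-password"))
            continue
        if fields[1] != "x":
            # Hash stored in passwd itself (non-empty): nothing to check in shadow
            continue
        entry = shadow.get(name)
        if entry is None:
            findings.append((name, "no-shadow-entry"))
        elif entry[1] == "":
            findings.append((name, "null-password"))
    return sorted(findings)


if __name__ == "__main__":
    for account, finding in audit_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"{account}: {finding}")
```

On the constructed data the only account flagged is backup, which both has a UID of 0 and an empty shadow hash; the locked svc and bin accounts are correctly ignored. Any hit for null-password should be treated as an immediate incident, since the account is usable with no credential at all.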
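The "IP Spoofing" row says the attack is hard because the attacker has to predict the target's TCP sequence numbers. The simulation below is an added example, not code from the Red Hat guide: it models a server whose initial sequence numbers (ISNs) advance by a fixed step per connection, as old TCP stacks did, beside one that draws each ISN at random, and shows that a blind spoofed handshake (where the forged source address means the attacker never sees the SYN/ACK) succeeds only against the predictable one. The server classes, step value and seeds are assumptions chosen for the demonstration.

```python
"""Why blind IP spoofing hinges on guessing the target's TCP initial sequence number.

Added example, not from the Red Hat guide. Both servers are toy models:
PredictableIsnServer mimics old stacks that bumped the ISN by a constant per
connection; RandomIsnServer mimics modern stacks that randomize it. The ACK
that completes a three-way handshake must carry server_isn + 1, and a spoofing
attacker has to send that ACK without ever having seen the server's SYN/ACK.
"""
import random

MASK32 = 0xFFFFFFFF


class PredictableIsnServer:
    """Old-style stack: ISN advances by a fixed step for every new connection (assumed step)."""

    def __init__(self, start=0x10000000, step=64000):
        self.next_isn = start
        self.step = step

    def isn_for_new_connection(self):
        isn = self.next_isn
        self.next_isn = (self.next_isn + self.step) & MASK32
        return isn


class RandomIsnServer:
    """Modern stack: each ISN is an unpredictable 32-bit value."""

    def __init__(self, seed=None):
        self.rng = random.Random(seed)

    def isn_for_new_connection(self):
        return self.rng.getrandbits(32)


def probe_isns(server, count=3):
    """Attacker opens legitimate connections from its own address and records the ISNs."""
    return [server.isn_for_new_connection() for _ in range(count)]


def predict_next_isn(observed):
    """Extrapolate the next ISN assuming a constant increment (mod 2**32); None if no pattern."""
    deltas = [(b - a) & MASK32 for a, b in zip(observed, observed[1:])]
    if len(set(deltas)) != 1:
        return None
    return (observed[-1] + deltas[0]) & MASK32


def blind_spoof_attempt(server, guessed_isn):
    """The server assigns a real ISN to the spoofed SYN; the blind ACK must equal isn + 1."""
    real_isn = server.isn_for_new_connection()
    return ((guessed_isn + 1) & MASK32) == ((real_isn + 1) & MASK32)


def run_attack(server):
    """Probe, predict, then fire one blind handshake; True means the spoofed session opened."""
    observed = probe_isns(server)
    guess = predict_next_isn(observed)
    if guess is None:
        guess = random.Random(0).getrandbits(32)  # no pattern: reduced to a 1-in-2**32 guess
    return blind_spoof_attempt(server, guess)


if __name__ == "__main__":
    print("predictable ISNs:", run_attack(PredictableIsnServer()))
    print("random ISNs:     ", run_attack(RandomIsnServer(seed=42)))
```

In practice the attacker must also silence the host being impersonated (otherwise it answers the unexpected SYN/ACK with a RST), which is why the table calls the attack difficult; but the decisive mitigation is the one the Notes column gives: do not run services that trust a source address, and use ssh or SSL/TLS instead.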
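The "Eavesdropping" row notes that the attack works mostly against plain text protocols such as Telnet, FTP and HTTP. The script below is an added example (not from the Red Hat guide) of what a sniffer on the LAN recovers from such traffic: it pulls credentials out of client-to-server payloads for all three protocols and finds nothing in a TLS stream. The captures are constructed byte strings, the port-to-protocol mapping and the Telnet "first two lines are username and password" heuristic are assumptions for the demonstration.

```python
"""Extract credentials from captured clear-text protocol payloads (FTP, HTTP Basic, Telnet).

Added example, not from the Red Hat guide. The *_STREAM values are constructed
stand-ins for reassembled client->server TCP payloads that an eavesdropper on
the LAN would see with a packet sniffer.
"""
import base64
import re

# Constructed sample captures, client -> server direction, one stream each.
FTP_STREAM = b"USER alice\r\nPASS s3cret!\r\nCWD /pub\r\n"
HTTP_STREAM = (b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\n"
               b"Authorization: Basic Ym9iOmh1bnRlcjI=\r\n\r\n")
# Telnet: IAC option negotiation followed by the typed login, password and a command.
TELNET_STREAM = b"\xff\xfd\x01\xff\xfd\x03carol\r\nletmein\r\nls -la\r\n"
# Encrypted traffic (TLS ClientHello prefix) carries nothing a sniffer can read.
TLS_STREAM = b"\x16\x03\x01\x00\xc4\x01\x00\x00\xc0\x03\x03"


def creds_from_ftp(payload):
    """FTP sends USER and PASS commands in the clear."""
    user = re.search(rb"^USER (\S+)", payload, re.M)
    pw = re.search(rb"^PASS (\S+)", payload, re.M)
    if user and pw:
        return [("ftp", user.group(1).decode(), pw.group(1).decode())]
    return []


def creds_from_http(payload):
    """HTTP Basic auth is only base64, not encryption: decode every Authorization header."""
    found = []
    for m in re.finditer(rb"^Authorization: Basic ([A-Za-z0-9+/=]+)", payload, re.M):
        try:
            decoded = base64.b64decode(m.group(1), validate=True).decode()
        except (ValueError, UnicodeDecodeError):
            continue
        if ":" in decoded:
            user, pw = decoded.split(":", 1)
            found.append(("http-basic", user, pw))
    return found


def creds_from_telnet(payload):
    """Strip IAC WILL/WONT/DO/DONT negotiation (0xff, verb, option) and take the typed lines.

    Heuristic (an assumption of this example): the first two lines the client
    sends are the username and the password.
    """
    text = re.sub(rb"\xff[\xfb-\xfe].", b"", payload, flags=re.S)
    lines = [ln for ln in text.split(b"\r\n") if ln]
    if len(lines) >= 2:
        return [("telnet", lines[0].decode(errors="replace"), lines[1].decode(errors="replace"))]
    return []


# Assumed port-to-extractor mapping for the demonstration.
EXTRACTORS = {21: creds_from_ftp, 23: creds_from_telnet, 80: creds_from_http}


def harvest(streams):
    """streams: iterable of (destination_port, payload). Returns (protocol, user, password) tuples."""
    results = []
    for port, payload in streams:
        extractor = EXTRACTORS.get(port)
        if extractor is not None:
            results.extend(extractor(payload))
    return results


if __name__ == "__main__":
    capture = [(21, FTP_STREAM), (80, HTTP_STREAM), (23, TELNET_STREAM), (443, TLS_STREAM)]
    for proto, user, password in harvest(capture):
        print(f"{proto}: {user} / {password}")
```

The TLS stream on port 443 yields nothing, which is the whole argument for replacing Telnet, FTP and plain HTTP with ssh, sftp/scp and HTTPS: the eavesdropper's position on the LAN is unchanged, but the payload it collects is no longer useful.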