Chapter 12: Combination System Auditing Tools

OVERVIEW

If every software application worked the way it was supposed to, we wouldn't have to write this chapter. But because we live in an imperfect world, we can be sure that applications and services running on our systems will inevitably have bugs. What's worse, even the best-written applications could be running in a misconfigured state on our systems. Both bugs and misconfigurations can give a hacker a potentially easier, more surreptitious way into your network and systems. These problems can also let hackers ruin your day by crashing critical systems and services.

Bugs and misconfigurations are vulnerabilities. Nearly every system on your network probably has varying degrees of vulnerabilities. Some vulnerabilities are known to be exploitable, and the motivated hacker can scour Internet resources for code that will exploit the vulnerability. Other vulnerabilities don't yet have an available exploit, but more than likely people are hard at work on a "proof-of-concept" exploit that may or may not fall into the wrong hands. Even more undiscovered vulnerabilities remain to be found.

Attacks on vulnerabilities (exploits) usually cause a service or application to crash or malfunction in some manner. Some of these attacks bring down the application to a level where it's no longer running; others eat up so many system resources that the system can no longer function properly. These kinds of vulnerability attacks are called Denial-of-Service (DoS) attacks.

Other vulnerabilities let the hacker force the application to perform tasks that it normally shouldn't be able to do. Many services run with root or Administrator privileges (even though they might not always need to), and as a consequence the hacker can gain superuser privileges on the system, bypassing the usual valid login process. In this scenario, two different kinds of vulnerabilities are actually being exploited: the bug that lets you manipulate the service in an unintended manner, which is an application vulnerability, and the misconfiguration of the service (running as the root or Administrator user), which is a misconfiguration vulnerability. If the service runs with the rights of an unprivileged user, a hacker who exploits the application vulnerability doesn't gain as much access. If a hacker attacks a web service that is running as Administrator and the exploit allows him to run system commands as that web service user, the hacker has full run of the system. However, if a hacker exploits a similar web service that is running as an unprivileged user (say "IUSR"), the hacker has access only to the part of the system that the IUSR user can access. By eliminating the misconfiguration vulnerability, the application vulnerability becomes less severe.
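One way to look for the misconfiguration half of this problem on a Linux host is to cross-reference listening sockets with the accounts that own them. The following is an added example, not code from the book; the function names are hypothetical, and both samples are constructed text in the layout of `ss -H -tlnp` and `ps -eo pid=,user=,comm=` output.

```python
import re

# Constructed sample in the layout of `ss -H -tlnp` (not from a real host).
SS_SAMPLE = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("httpd",pid=1404,fd=4),("httpd",pid=1405,fd=4))
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:* users:(("mysqld",pid=990,fd=21))
LISTEN 0 511 [::]:8080 [::]:* users:(("legacyweb",pid=2210,fd=6))
"""
# Constructed sample in the layout of `ps -eo pid=,user=,comm=`.
PS_SAMPLE = """\
  812 root     sshd
  990 mysql    mysqld
 1404 root     httpd
 1405 apache   httpd
 2210 root     legacyweb
"""
HOLDER = re.compile(r'\("([^"]+)",pid=(\d+),fd=\d+\)')

def parse_ps(text):
    """Map pid -> owning user."""
    owners = {}
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) >= 2 and parts[0].isdigit():
            owners[int(parts[0])] = parts[1]
    return owners

def audit_listeners(ss_text, ps_text, privileged=("root",)):
    """Report listening sockets held by at least one privileged process."""
    owners, priv, findings = parse_ps(ps_text), set(privileged), []
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        holders = [(n, owners.get(int(p), "?")) for n, p in HOLDER.findall(line)]
        users = {user for _, user in holders}
        if not users & priv:
            continue  # no privileged holder (or holders not visible): skip
        findings.append({
            "service": holders[0][0], "port": int(port),
            "loopback_only": host.startswith("127.") or host == "[::1]",
            # True when an unprivileged process also holds the socket,
            # e.g. a root parent that hands requests to low-privilege workers.
            "privilege_separated": bool(users - priv - {"?"}),
        })
    # Network-reachable services with only privileged holders come first.
    findings.sort(key=lambda f: (f["loopback_only"], f["privilege_separated"], f["port"]))
    return findings

if __name__ == "__main__":
    for finding in audit_listeners(SS_SAMPLE, PS_SAMPLE):
        print(finding)
```

Each finding is a prompt for review, not a verdict: some daemons must start as root to bind a low port and drop privileges afterward.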

For network managers and administrators, the race is on to find the vulnerabilities on their systems before someone else does.



Anti-Hacker Tool Kit, Third Edition
ISBN: 0072262877
EAN: 2147483647
Year: 2006
Pages: 175
