Polling


A great number of information-gathering services on UNIX systems will supply information about the system and its users without requiring authentication. Many computer services are promiscuous in this way.

Disabling the Service

Disabling a service will keep it from disclosing information. It will also prevent the administrator from using the service to gather information. Each service should be evaluated as to its value to the administrator versus its value to a hacker. Any service which is selected to be disabled should be removed from the system to keep it from being re-enabled.

  • finger, from BSD, has long been associated with hackers. The finger command lists the user's login name, home directory, default shell, and .plan and .project files; the information from the GECOS field in the password file; and the terminal's write status and idle time. You can gain information about a remote system by using the user@system syntax.

    Finger will also return information about users that are not currently logged on to the system.

     finger @target 

    Generally the finger command is more valuable to hackers than it is to system administrators. You may want to consider removing it and the finger daemon, fingerd, from the system. While the finger command is more notorious than the rwho and rusers commands, they return very similar information.

  • rwho, the remote who command, from BSD, reports who is logged on to all the systems that are running the remote who daemon, rwhod. It displays the machine name, the user name, the line to which the user is connected, and the amount of idle time on that connection. It does this through the remote who daemons, which communicate with every other machine that is running the daemon and exchange user information. This command will not work unless the remote who daemon is running on the machine where the command is executed.

  • rusers, the remote users command from Sun, gives a list of users on every machine on the subnet. It does this by broadcasting a request to the remote users daemon, rusersd. This daemon is started by the internet daemon and can be limited by using the internet daemon security facilities.

  • SNMP, Simple Network Management Protocol, supplies information to network management systems. The information needed by these management systems is also very valuable to hackers. The default read password on all systems is "public" and goes unchanged in most implementations. Some monitoring products expect that this will be the read password and make no provision for altering it.

    In versions before SNMP version 3, which has yet to gain widespread use, traffic between the monitoring and the monitored systems is transmitted as clear text.

    Any remote monitoring should utilize a VPN technology to provide privacy for the management information.
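
The audit below is an added example, not code from the book. It flags the exposures described above: finger or rusersd still enabled through the internet daemon, and an SNMP read community left at "public". It assumes the classic inetd.conf layout and net-snmp's rocommunity/rocommunity6 directives; the file paths and sample contents are constructed. rwhod normally runs as a standalone daemon and is not covered.

```sh
#!/bin/sh
# Added example: audit for the unauthenticated information services above.
# Assumed formats: classic inetd.conf, net-snmp snmpd.conf.

# Print the service name of each enabled (uncommented) finger/rusersd entry.
audit_inetd() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }        # skip blanks and comments
        {
            svc = $1
            sub(/\/.*/, "", svc)             # RPC entry "rusersd/2-3" -> "rusersd"
            if (svc == "finger" || svc == "rusersd") print svc
        }' "$1"
}

# Print the line number of each directive granting read access to "public".
audit_snmp() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }
        ($1 == "rocommunity" || $1 == "rocommunity6") && $2 == "public" { print NR }
    ' "$1"
}

# Report findings for both files; return 1 if anything was flagged.
audit_host() {
    status=0
    for svc in $(audit_inetd "$1"); do
        echo "inetd: $svc is enabled in $1"; status=1
    done
    for ln in $(audit_snmp "$2"); do
        echo "snmp: default community \"public\" at $2:$ln"; status=1
    done
    return $status
}

# Constructed sample configuration (not taken from any real host).
tmp=$(mktemp -d)
cat > "$tmp/inetd.conf" <<'EOF'
ftp     stream tcp nowait root   /usr/sbin/in.ftpd    in.ftpd
finger  stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd
#rusersd/2-3 dgram rpc/udp wait root /usr/sbin/rpc.rusersd rpc.rusersd
EOF
cat > "$tmp/snmpd.conf" <<'EOF'
# read-only community
rocommunity public
rocommunity6 s3cr3t-constructed
EOF
audit_host "$tmp/inetd.conf" "$tmp/snmpd.conf" || echo "findings present"
```

On a real host, pass the system's own inetd.conf and snmpd.conf paths to audit_host and treat a non-zero return as a finding to act on.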



Halting the Hacker: A Practical Guide to Computer Security (2nd Edition)
ISBN: 0130464163
EAN: 2147483647
Year: 2002
Pages: 210
