Chapter 11. Gaining Privileges


Once a hacker has access to your system, keeping him from gaining more privileges is the hardest thing for a security administrator. Determining if the person using an account is the authorized user or not is a difficult task, especially if you have no reason to suspect a user. If the hacker is an official user, the task becomes even more difficult. His legitimate physical access and relationship with other users and system managers can all be exploited to his benefit.

An experienced hacker who can gain access and privileges on your system will be difficult to detect without diligent efforts. If he has gotten this far, you can be sure that his skills and knowledge will be a match for yours. He will probably know the software on your system well, but you will have better knowledge of the behavior of your system.

Building user profiles can help you identify hackers. These profiles are a database of normal work habits showing how and when each user uses the system. Automated collection of information from accounting, auditing, and logs can be analyzed to create statistical norms and notify security when there is significant deviation. Expert systems are becoming available in the marketplace to help in this endeavor.
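The profiling idea above as an added example (not code from the book): it builds per-user norms from accounting records and reports how a new session deviates from them. The record layout, the thresholds, and all sample data are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed accounting records: (user, login time, source host, CPU seconds).
BASELINE = [
    ("alice", "2002-03-04T08:55", "ws12", 40),
    ("alice", "2002-03-05T09:05", "ws12", 55),
    ("alice", "2002-03-06T09:20", "ws12", 48),
    ("alice", "2002-03-07T08:40", "ws12", 52),
    ("alice", "2002-03-08T10:02", "ws12", 45),
    ("alice", "2002-03-09T09:15", "ws12", 60),
]

def build_profiles(records):
    """Per-user norms: login-hour histogram, known hosts, CPU mean and stddev."""
    raw = defaultdict(lambda: {"hours": Counter(), "hosts": set(), "cpu": []})
    for user, ts, host, cpu in records:
        p = raw[user]
        p["hours"][datetime.fromisoformat(ts).hour] += 1
        p["hosts"].add(host)
        p["cpu"].append(cpu)
    return {u: {"hours": p["hours"], "hosts": p["hosts"], "n": len(p["cpu"]),
                "cpu_mean": mean(p["cpu"]), "cpu_sd": pstdev(p["cpu"])}
            for u, p in raw.items()}

def deviations(profiles, event, min_hour_share=0.05, z_limit=3.0):
    """Return the reasons a session departs from the user's profile."""
    user, ts, host, cpu = event
    p = profiles.get(user)
    if p is None:
        return ["no baseline for user"]
    reasons = []
    hour = datetime.fromisoformat(ts).hour
    # Include adjacent hours so a login a few minutes off-pattern is not flagged.
    near = sum(p["hours"][(hour + d) % 24] for d in (-1, 0, 1))
    if near / p["n"] < min_hour_share:
        reasons.append(f"unusual login hour {hour:02d}")
    if host not in p["hosts"]:
        reasons.append(f"new source host {host}")
    sd = max(p["cpu_sd"], 1.0)  # floor avoids dividing by zero on a flat baseline
    z = abs(cpu - p["cpu_mean"]) / sd
    if z > z_limit:
        reasons.append(f"cpu z-score {z:.1f}")
    return reasons

PROFILES = build_profiles(BASELINE)
if __name__ == "__main__":
    for ev in [("alice", "2002-03-11T09:10", "ws12", 47),
               ("alice", "2002-03-12T02:30", "dialin3", 900)]:
        print(ev, "->", deviations(PROFILES, ev) or "within profile")
```

A session that trips several independent checks at once is a stronger signal than any single deviation, which helps keep the notification volume manageable.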

The variety of methods and plethora of software on the system make plugging all the holes a continuous, impossible task. The hacker's ego is usually his downfall. Most hackers want to be recognized for their brilliance in outsmarting the system with their hacking exploits. They will feel compelled to tell people about their exploits, so they can be held in awe.

Awareness is the best defense for keeping hackers from gaining more privileges. It is not only important for the system administrator, but for ordinary users as well. Educating your users about security issues will create many allies to assist you in your endeavor.

The hacker will want to gain more privileges so he will have access to more of the system's resources. Privileges are allocated by account, so to gain more privileges he will either assume the identity of another user whose account has more privileges, or get a user who has more privileges to run programs on his behalf.



Halting the Hacker. A Practical Guide to Computer Security
Halting the Hacker: A Practical Guide to Computer Security (2nd Edition)
ISBN: 0130464163
EAN: 2147483647
Year: 2002
Pages: 210
