Host Security  «Prev  Next»

Lesson 5Setting up shop
Objective Describe what Operating System crackers do.

Securing a Compromised System

Once crackers enter a system, they operate extremely rapidly.
Instructions and executable scripts are available on the Internet to automate the process of securing (from the cracker's perspective) a compromised system. Different operating systems and different installations have different known vulnerabilities, and these weaknesses are all fully documented. Normally, a cracker will go through a series of steps, which are described below:

Steps to secure System

  1. The cracker will try to break the root account, by either obtaining root's password, or making a program running as root do bad things. With root, a cracker can do anything!
  2. The log files show all of the activity on the system, so the cracker's
    first step after gaining root access is to eliminate them, thereby making themselves invisible.
  3. The cracker then installs a backdoor[1], in case the password on a hacked account is changed. This is accomplished by creating a new user, enabling a normally inactive user, or installing a special server process that allows them to connect again.
  4. The local password file, if readable, will be retrieved for offline analysis. Exploits of known problems are available for many "secure" networked password systems that allow intruders to also retrieve the password files of other related machines on the network.
  5. The cracker will try to gain direct access to other machines on the network. For example, if passwords are reused across machines, if users can connect among machines without passwords, or if there are other vulnerable services on the network, the cracker can easily break into additional machines.

  1. Here is a network of machines.
  2. Since security measures have not been implemented, an attacker is able to break into one of the machines.
  3. An attacker's work is complete since he has compromised one of the machines on the network, so the hacker exits.
  4. All of the machines have been compromised by the break in, possibly causing irreversible damage due to the malicious software installed on the machine.

Steps Compromised System
The next lesson lists ways that you can detect attacks. Click on the link below to check your understanding of how crackers infiltrate your system.
Common Breakin Procedures
[1]Backdoor: A hole placed in you r security by a cracker. It allows the intruder to gain easy access to your system by bypassing normal security.
The following SlideShow shows problems in a compromised system.