UNIX Postmortem, Mark Henman


1 UNIX Postmortem
Mark Henman

2 Introduction
For most system administrators, there is no question that at some point at least one of their systems is going to be hijacked by someone else. This presentation should provide enough information to help an administrator quickly and successfully recover from an attack.

3 Discovery
Realize that you’ve been hacked
Tools
Observation

4 Realize that you’ve been hacked
Crackers used to make themselves known quickly
– Web site defacing
Today’s crackers hide
– Hijacked machine market

5 Tools
seccheck
chkrootkit
Tripwire
Snort
Use more than one form of intrusion detection. Watch for intruders inside and out.

6 Trust Nothing!
Files may have been replaced
– Binaries
– Shared libraries
– Kernel

7 Trust Nothing!
Disconnect the network
Shut down the system
Boot from a trusted hard drive
Mount compromised file systems without execute permissions

8 Examining the System
Log files
Changed system executables
Shared libraries
Viewed files
Back doors
Other network-accessible systems
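The two steps above (mount the compromised file system without execute permission, then look for changed executables and shared libraries) as an added example in shell; it is not part of the slides. The device path, mount point, and the "sha256  relative/path" baseline format are this example's own assumptions; the baseline plays the role that Tripwire's database plays on slide 5.

```sh
#!/bin/sh
# Added example, not from the slides: examine a hijacked system's disk
# without trusting anything on it. Paths containing blanks are not handled.

# Mount the suspect file system read-only with execution, setuid and
# device nodes disabled, so looking around cannot run a replaced binary.
mount_suspect() {
    mkdir -p "$2"
    mount -o ro,noexec,nosuid,nodev,noatime "$1" "$2"
}

# Emit one "sha256  relative/path" line per regular file under the named
# directories of ROOT. Run it on a known-good install (or from the trusted
# boot medium) beforehand and keep the output off the box.
make_baseline() {
    root="$1"; shift
    ( cd "$root" && find "$@" -type f -exec sha256sum {} + ) | LC_ALL=C sort -k2
}

# Compare ROOT (the mounted suspect disk) against BASELINE for the given
# directories. Prints CHANGED / MISSING / ADDED lines; returns 0 when
# everything matches and 1 when any difference was found.
check_integrity() {
    root="$1"; baseline="$2"; shift 2
    cur=$(mktemp); exp=$(mktemp)
    make_baseline "$root" "$@" > "$cur"
    LC_ALL=C sort -k2 "$baseline" > "$exp"
    diffs=$(
        # paired by path: a differing hash means a replaced file
        LC_ALL=C join -j 2 -o 1.2,1.1,2.1 "$exp" "$cur" | awk '$2 != $3 {print "CHANGED " $1}'
        # in the baseline only: something was deleted
        LC_ALL=C join -j 2 -v 1 -o 1.2 "$exp" "$cur" | awk '{print "MISSING " $1}'
        # on the disk only: something was planted (back door, new library)
        LC_ALL=C join -j 2 -v 2 -o 2.2 "$exp" "$cur" | awk '{print "ADDED " $1}'
    )
    rm -f "$cur" "$exp"
    [ -n "$diffs" ] && printf '%s\n' "$diffs"
    [ -z "$diffs" ]
}

# Typical use after booting from trusted media (needs root; paths assumed):
#   mount_suspect /dev/sdb1 /mnt/suspect
#   check_integrity /mnt/suspect /media/trusted/baseline.txt bin sbin lib usr/bin usr/lib
```

A clean run prints nothing and returns 0, so the function can gate an automated triage script.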

9 System Restoration
Back up user data
Check for alterations
Re-install the operating system
Restore user data

10 Follow-up
Harden the system against attack
Check for abnormal behavior
Bring the system back into service
Monitor the log files

11 Conclusion
Don’t panic!
Isolate quickly
Examine slowly and carefully
Protect the system from a repeat attack

12 Where to Get More Information