Date: Thu, 26 Feb 1998 19:30:06 -0400 (AST)
From: Michael Richards <miker@scifair.acadiau.ca>
To: LOlayiwola <LOlayiwola@aol.com>
Cc: questions@FreeBSD.ORG
Subject: Re: Unix System Security
Message-ID: <Pine.BSF.3.96.980226191718.12794A-100000@scifair.acadiau.ca>
In-Reply-To: <2c689b4f.34f5f716@aol.com>

> 1) What method(s) can a hacker use to intercept my password on a unix system
> and the commands that could be used to achieve the interception.

There is a vast number of ways depending on the setup of a system. It is _much_ easier to get if you already have an account.

a) get the passwd file assuming it is not shadowed, run crack on it.
b) if the passwd file is shadowed, there are still ways to get it, but they mostly involve holes that the administrator has not, or not yet closed. For example if they have the old version of suid perl, there is a script that will give you root privileges.
c) another way is to run a packet sniffer, which dumps all the traffic on that ethernet to a file or wherever. They just need to sift through all the stuff and pick out the texts. This is very easy because the first let's say 200 bytes of each connection will usually start with username: password: you get the idea.

There are many other ways to get passwords including guessing.

> 2) How could I as a security advisor advise a network administrator to cater
> for this security problem.

One important thing is to educate the users. Have them pick good passwords. Something like foobar is not a good password, nor is 555-2344, or julie. People who don't know any better commonly choose passwords like this. Take person X, he is going out with someone named Julie, and his phone number is 555-2344. Not hard to guess his password.

If the cracker is able to get the passwd file they can run something called a dictionary crack on it. That involves going through the dictionary and trying permutations of words and numbers and trying them against the users. Someone with a bad password may match one of the program's guesses.

A password like: 3%gP)3s would be a good one because it is not pronounceable, an English word it is not, hence there is little chance of a dictionary crack getting it. Also, if someone saw the 1st 3 characters, they couldn't guess the rest. Juli, if you knew the person, would be an easy guess.

To combat the problem of someone sniffing the password with a packet analyser, a program like ssh is a good thing. That encrypts the entire connection as well as a complex method of authentication to show that you are indeed connected to the machine you think that you are, not a clever imitation that is set up to grab the password.

Those are just a few of the many things. I would suggest you get a book on it. One of the better ones I have seen is entitled: Firewalls and Internet Security: Repelling the Wily Hacker.

Have fun!
-Mke

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
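
A check an administrator could run when a user sets a password, rejecting the kinds of choices the message above calls easy to guess. This is an added example, not part of the original message; the word list, the function names and the length and character-class thresholds are assumptions made for illustration.

```python
import re

# Constructed sample word list (assumption); a real checker loads a full dictionary.
WORDLIST = {"foobar", "password", "secret", "dragon"}
# Reverse common character substitutions before looking words up.
UNLEET = str.maketrans("013457@$", "oieastas")

def normalized_forms(text):
    """Forms of `text` that a dictionary guesser's simple permutations would cover."""
    low = text.lower()
    forms = set()
    for f in (low, low.translate(UNLEET)):
        core = re.sub(r"^[^a-z]+|[^a-z]+$", "", f)  # drop digit/symbol prefix and suffix
        forms.update({f, core, core[::-1]})
    return {f for f in forms if f}

def audit_password(password, personal=()):
    """Return a list of reasons to reject `password`; an empty list means accepted.

    `personal` holds strings tied to the user (names, phone numbers).
    """
    reasons = []
    forms = normalized_forms(password)
    if forms & WORDLIST:
        reasons.append("dictionary word")
    digits = re.sub(r"\D", "", password)
    for item in personal:
        item_low = item.lower()
        item_digits = re.sub(r"\D", "", item)
        if len(item_digits) >= 4 and item_digits in digits:
            reasons.append("contains personal number")
        # The name itself, or a truncation of it (first 4+ letters), possibly decorated.
        elif any(len(f) >= 4 and item_low.startswith(f) for f in forms):
            reasons.append("derived from personal name")
    classes = sum(bool(re.search(p, password))
                  for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^a-zA-Z\d]"))
    if len(password) < 7 or classes < 3:
        reasons.append("too short or too few character classes")
    return reasons
```

Passing the user's known details as `personal` is what catches "Juli" or "Julie98!", which a plain dictionary lookup would miss.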