Security: Dealing with four levels of attacks on Linux servers

  

As Linux spreads through enterprise applications, a large number of network servers now run the Linux operating system, and the security of Linux servers is receiving more and more attention. This article ranks attacks on Linux servers in levels by depth and proposes different solutions for each.

An attack on a Linux server is defined as an unauthorized act designed to interfere with, damage, weaken, or undermine the security of the Linux server. Attacks range from denial of service up to the Linux server being completely compromised and destroyed. There are many kinds of attacks on Linux servers. This article approaches them from the perspective of attack depth and divides them into four levels.

Attack Level I: Denial of Service (DoS) Attacks


Because DoS attack tools have proliferated and the protocol-layer flaws they target cannot be changed in the short term, DoS has become the most widespread attack and the hardest to prevent.

Denial of service attacks include distributed denial of service attacks, reflective distributed denial of service attacks, DNS distributed denial of service attacks, and FTP attacks. Most denial of service attacks pose relatively low-level risks; even those that may cause the system to restart are only temporary problems. This type of attack differs greatly from attacks that aim to gain control of the network. It generally does not affect data security, but a denial of service attack can last for a long time and is very difficult to deal with.

So far, there is no absolute way to stop such attacks. However, this does not mean that we should stand by and do nothing. In addition to emphasizing the importance of protecting individual hosts, strengthening server management is a very important part. Be sure to install verification software and filtering that check whether the source address of a message is its real address. In addition, for several kinds of denial of service, the following measures can be taken: turn off unnecessary services, limit the number of half-open SYN connections open at the same time, shorten the timeout of half-open SYN connections, and apply system patches promptly.
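On Linux, source address verification, the half-open connection limit and the SYN timeout correspond to kernel settings that `sysctl -a` reports. The script below is an added example, not part of the original article: it audits those three settings from `key = value` input. The function name, the retry ceiling of 3 and the sample values are assumptions.

```shell
#!/bin/sh
# Added example: audit the kernel settings behind the measures in the text.
# Input on stdin: "key = value" lines, the format `sysctl -a` prints.
# MAX_SYNACK_RETRIES is an assumed ceiling for this example (kernel default: 5).
MAX_SYNACK_RETRIES=3

# Prints one line per setting; exit status is the number of failed checks.
audit_syn_settings() {
    awk -F' *= *' -v max_retries="$MAX_SYNACK_RETRIES" '
        # Source address verification: reverse-path filtering. Only the
        # "all" entry is checked here; per-interface entries can raise it.
        $1 == "net.ipv4.conf.all.rp_filter"  { rp = $2 }
        # Cap on half-open (SYN_RECV) connections kept in the queue.
        $1 == "net.ipv4.tcp_max_syn_backlog" { backlog = $2 }
        # SYN-ACK retransmissions: fewer retries, shorter half-open lifetime.
        $1 == "net.ipv4.tcp_synack_retries"  { retries = $2 }
        END {
            fails = 0
            if (rp == "" || rp + 0 == 0) {
                print "FAIL rp_filter: source addresses are not validated"; fails++
            } else print "OK   rp_filter = " rp
            if (retries == "" || retries + 0 > max_retries + 0) {
                print "FAIL tcp_synack_retries = " retries " (want <= " max_retries ")"; fails++
            } else print "OK   tcp_synack_retries = " retries
            if (backlog == "") {
                print "FAIL tcp_max_syn_backlog: not reported"; fails++
            } else print "INFO tcp_max_syn_backlog = " backlog " half-open connections"
            exit fails
        }'
}

# Constructed sample input (not captured from a real host).
audit_syn_settings <<'EOF' || echo "failed checks: $?"
net.ipv4.conf.all.rp_filter = 0
net.ipv4.tcp_max_syn_backlog = 128
net.ipv4.tcp_synack_retries = 5
EOF
```

On a live server the same function can be fed with `sysctl -a 2>/dev/null | audit_syn_settings`.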

Attack Level II: Local Users Gaining Unauthorized Read and Write Access to Files


A local user is a user who has a password on some machine in the local network and therefore has a directory on one of its drives. Whether a local user gaining read and write access to files they are not authorized for is a danger depends largely on how critical the accessed files are. Arbitrary access by any local user to the temporary file directory (/tmp) is dangerous, and it can potentially lay a path to the next level of attack.

The main method of attack at level two is this: hackers trick legitimate users into revealing confidential information or performing tasks. Sometimes a hacker pretending to be a network manager sends a message to a user, asking the user to upgrade his system password.

Attacks launched by local users almost always start from a remote login. For Linux servers, the best approach is to place all shell accounts on a separate machine, that is, to accept registrations only on one or more servers that are assigned shell access. This makes log management, access control management, release protocols, and other potential security issues easier to manage. The systems that store users' CGI should also be kept separate. These machines should be isolated in a specific network segment, that is, they should be surrounded by routers or network switches, depending on the configuration of the network. The topology should ensure that hardware address spoofing cannot extend beyond this segment.

Attack Level III: Remote Users Gaining Read and Write Access to Privileged Files


A third-level attack can not only verify that specific files exist but also read and write those files. The reason is that the Linux server configuration has some weaknesses: remote users can execute a limited number of commands on the server without a valid account.

Password attacks are the main method of attack at the third level, and compromising passwords is the most common method of attack. Password cracking is a term used to describe penetrating a network, system, or resource by unlocking a password-protected resource, with or without tools. Users often neglect their passwords, and password policies are difficult to enforce. Hackers have multiple tools to defeat passwords protected by technical and social means. These mainly include dictionary attacks, hybrid attacks, and brute force attacks. Once a hacker has a user's password, he has many of that user's privileges. Password guessing refers to entering common passwords by hand or obtaining a password through a prepared program. Some users choose simple passwords, such as birthdays, anniversaries, and spouse names, and do not follow the rule that letters and numbers should be mixed. It doesn't take long for a hacker to guess an eight-character string of birthday data.

The best defense against third-level attacks is to strictly control access privileges, that is, to use valid passwords.

This mainly means that passwords should follow the rule of mixing letters, numbers, and upper and lower case (because Linux distinguishes between upper and lower case).

Using special characters like "#" or "%" or "$" also adds complexity. For example, use the word "countbak" and add "#$" (countbak#$) after it, so you have a fairly valid password.
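A password screen that applies the mixing rule above and also looks at a candidate the way a dictionary or hybrid attack would, by checking the base word left after trailing digits and symbols are removed. This is an added example, not from the original article; the function names, the word list and the three-class threshold are assumptions.

```shell
#!/bin/sh
# Added example: screen a candidate password against the rules in the text.
# WORDLIST is a tiny constructed list; a real check would use a full dictionary.
WORDLIST="password welcome linux admin letmein"

# Count how many of the four character classes the password uses.
count_classes() {
    n=0
    case $1 in *[[:lower:]]*) n=$((n + 1)) ;; esac
    case $1 in *[[:upper:]]*) n=$((n + 1)) ;; esac
    case $1 in *[[:digit:]]*) n=$((n + 1)) ;; esac
    case $1 in *[![:alnum:]]*) n=$((n + 1)) ;; esac
    echo "$n"
}

# Hybrid-attack view: lower-case the password, strip trailing non-letters
# ("Linux2024!" becomes "linux"), and look the base word up in the list.
base_in_wordlist() {
    base=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/[^[:lower:]]*$//')
    for w in $WORDLIST; do
        [ "$base" = "$w" ] && return 0
    done
    return 1
}

# Prints "accept" or "reject: <reason>"; MIN_CLASSES=3 is an assumed threshold.
screen_password() {
    MIN_CLASSES=3
    if base_in_wordlist "$1"; then
        echo "reject: dictionary word plus suffix"
    elif [ "$(count_classes "$1")" -lt "$MIN_CLASSES" ]; then
        echo "reject: fewer than $MIN_CLASSES character classes"
    else
        echo "accept"
    fi
}

# Constructed sample candidates.
for candidate in 'Linux2024!' '19840312' 'tR7#kq9Lm'; do
    printf '%-12s %s\n' "$candidate" "$(screen_password "$candidate")"
done
```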
