StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Practical UNIX Security - Assignment Example

Cite this document
Summary
This assignment "Practical UNIX Security" shows that the widespread use of computing technology has facilitated small, medium, and corporate organizations to achieve goals efficiently. The revolution of Information Technology has created new trends of doing business and communication. …
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER92.3% of users find it useful
Practical UNIX Security
Read Text Preview

Extract of sample "Practical UNIX Security"

?Introduction The widespread use of computing technology has facilitated small, medium and corporate organizations to achieve goals in an efficient way. The revolution of Information Technology has created new trends of doing business and communication. Moreover, the technology has provided a new approach of operating businesses during the past several years, and continues to provide many benefits as it spreads all over the globe. However, with its widespread adoption, threats and vulnerabilities are also rising. Organizations spent enormous funds to secure their data and network environment. Moreover, hardware security modules taken into consideration for securing highly classified data. However, these modules require frequent updates for virus definitions and new threats, which may affect the network anytime. Every now and then, new threats are designed and developed by hackers or cyber criminals. In spite of securing the networks and data centers, with the most updated and advanced security modules, there is still a probability of a new threat to intrude into the network. In addition, hackers and cyber criminals are exploring efficient codes day by day to improve the hacking software, in order to breach in to classified information, banks, online websites etc. As the threats and vulnerabilities are infinite, no one can memorize them in order to take a measured approach, the initial step is to identify the vulnerability type. An organization named as CVE (Common Vulnerabilities and Exposure) provides a database to search for a particular public known vulnerability. The sponsors for CVE are US-CERT and managed by MITRE Corporation. The goal is to provide common names for all publicly known security threats and exposures. In order to extract information from CVE, access of National Vulnerability Database is mandatory (NVD) (Cve. 2011). (CVE) The Standard A comprehensive definition is available on the CVE website, which states as “Common Vulnerabilities and Exposures (CVE®) is a dictionary of common names (i.e., CVE Identifiers) for publicly known information security vulnerabilities, while its Common Configuration Enumeration (CCE™) provides identifiers for security configuration issues and exposures. CVE’s common identifiers make it easier to share data across separate network security”. One more definition available in network dictionary states it as “common vulnerabilities and exposure is an emerging refers industry standard for identifying and naming vulnerabilities and various other information security exposures” (Common Vulnerabilities and Exposures. 2007). The primary objective of CVE is to provide a separate database accessible, in order to find out all the known threats and vulnerabilities currently, with the help of tools and services. What is CVE 3872 ? As CVE 3872 is a threat that operates on web technologies, before understanding CVE 3872, it is vital to focus on some of the web technologies that are associated with CVE 3872. Common Gateway Interface A newly developed website providing information must possess a database to store information, which is published on the website. In general, many people on the Internet will visit the website and access information, which is extracted from the database. This is where the importance of Common Gateway Interface (CGI) becomes useful. Dave Chaffy defines it as “A method of processing information on a web server in response to a customer’s request. Typically, a user will fill in a Web-based form and a CGI script (application) will process the results. Active Server Pages (ASP) are an alternative to a CGI script” (Chaffey 2006). Moreover, if the users query the database of the website, the CGI script will transmit the queries to the database and retrieves results on the website. It has become a standard for synchronizing information servers from external web applications. CGI is eminent in the form of a plain HTML file which his static, while CGI operates in a real time environment to display dynamic contents on a website. An executable program is incorporated in order to execute CGI, the inputs are the request of the users from the website. Consequently, CGI displays the required contents on the website. CGI provides many advantages for the web developers as well as web users. It is convenient and executable on wide assortment of web servers. Moreover, CGI is language independent, which is a plus for web developers. It is best recommended for E commerce applications due to its interaction with the database and the web server. CGI is not too expensive and at the same time it is useful for organizations to minimize their development and maintenance cost. Fast Common Gateway Interface The extended version of CGI, which is implemented commonly today, is called Fast Common Gateway Interface (FCGI). Likewise, Fast CGI is not bound to any application of the web server, and it becomes unchanged whenever technological development is conducted for the web server. Consequently, Fast CGI is slightly above the normal CGI due to its distributed computing features that provides organizations to operate Fast CGI from separate machines. Furthermore, distributed computing provides methodologies for scaling systems from more than one, resulting in high availability and reliability of web services. Furthermore, Fast CGI supports modular authentication, authorization checks and performs translation of data from one type to another (, FastCGI). Description of the threat associated with CVE 3872 is available on www.cvedetails.com as “The apr_status_t fcgid_header_bucket_read function in fcgid_bucket.c in Apache mod_fcgid before 2.3.6 does not use bytewise pointer arithmetic in certain circumstances, which has unknown impact and attack vectors related to ‘untrusted FastCGI applications’ and a ‘stack buffer overwrite’. The primary goal of this vulnerability is to attack websites with un-trusted Fast CGI based applications and stack buffer overwrite. The threat hits module named as ‘fcgid_module’ with a source file named as ‘mod_fcgid.c’, developed for executing Fast CGI applications. Evaluating ‘mod_fcgid’ ‘Mod_fcgid’ was created by Ryan Pan in 2004 (, mod_fcgid - FastCGI interface module for Apache 2 - The Apache HTTP Server Project).Fast CGI protocol process any application allocated to ‘fcgid-script’ handler. In order to handle concurrent request, ‘mod_fcgid’ initializes adequate number of instances of the application and continuous to operate for handling incoming request that are coming from time to time. Moreover, this process is efficient as compared to the default ‘mod_cgi’ or ‘mod_cgid’ modules, which are operational to initialize the program on each request. This will result in high consumption of CPU and the processes will me much slower. However, on the other hand the efficient ‘mod_fcgid’ continue to consume possessions, proving the administrator to configure setting by evaluating the impact of invalidating each specific application, individual per request adjacent to the resources required. This will allow sufficient instances operating on continuous basis. Furthermore, all the ‘httpd’ workers acquire the pool of invoked programs associated with ‘fcgid’. The two configuration directives allow the administrators to configure the program’s instances that are executed concurrently. The two directives are named as ‘AddHandler’ and ‘SetHandler’. Particular executives are associated to ‘AddHandler’ by allocating a name with an extension, and the override executives, by utilizing the ‘SetHandler’ directives (, mod_fcgid - Apache HTTP Server). CVE 3872 Impact and Functionality The 3872 attacks on the products associated with apache HTTP server. Up till now, there are five releases available, consisting of apache: mod_fcgid 2.3.1, apache: mod_fcgid 2.3.2, apache: mod_fcgid 2.3.3, apache: mod_fcgid 2.3.4, apache: mod_fcgid 2.3.5. As per the National Vulnerability Database, the impact of this threat is ranked to 7.2 (High), Impact sub-score is 10.0 and exploitability sub-score is 3.9. Moreover, the access vector is locally exploitable along with low access convolution and the authentication factor is not required to exploit. Accordingly, the impact type permits unauthorized confession of data. In addition, the impact includes unauthorized modification along with disruption of services (, National Vulnerability Database (NVD) National Vulnerability Database (CVE-2010-3872)). The platforms that are vulnerable to this threat are Apache HTTP Server 2.0, Apache HTTP Server 2.2, Apache Software Foundation mod_fcgid 2.3. Furthermore, the products that are vulnerable to this threat are as follows (, Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability): Red Hat Fedora 14 Red Hat Fedora 13 Red Hat Fedora 12 Debian Linux 5.0 sparc Debian Linux 5.0 s/390 Debian Linux 5.0 powerpc Debian Linux 5.0 mipsel Debian Linux 5.0 mips Debian Linux 5.0 m68k Debian Linux 5.0 ia-64 Debian Linux 5.0 ia-32 Debian Linux 5.0 hppa Debian Linux 5.0 armel Debian Linux 5.0 arm Debian Linux 5.0 amd64 Debian Linux 5.0 alpha Debian Linux 5.0, Furthermore, IBM website illustrates the following impacts related to this threat, which are as follows (, ISS X-Force Database: apache-fcgid-bo(63303): Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow ): Base Score: 4.4 Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial Temporal Score: 3.3 Consequences: Gain Access The threat attacks on mod_fcgid and vulnerable to stack buffer overflow, which is stated as: “The Apache mod_fcgid module is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the fcgid_header_bucket_read() function. By sending specially-crafted FastCGO data, a local attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash” (, ISS X-Force Database: apache-fcgid-bo (63303): Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow ). According to www.CVEdetails.com, vulnerability statistics for CVE 3872 are as follows: Confidentiality Impact Complete There is total information disclosure, resulting in all system files being revealed Integrity Impact Complete There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised Availability Impact Complete There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable Access Complexity Low Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. Authentication Not required Authentication is not required to exploit the vulnerability Gained Access None (, CVE-2010-3872 : The apr_status_t fcgid_header_bucket_read function in fcgid_bucket.c in Apache mod_fcgid before 2.3.6 does not use bytew ) Impact on Windows Network / Domain The threat hits initially to the Apache HTTP server that contains the module named as ‘mod_fcgid’. If apache server is installed on a Microsoft based server that is configured on the network, the threat may easily allow unauthorized access of an intruder who can modify unauthorized data along with disruption of services. Moreover, the Microsoft domain server is also vulnerable to ‘mod_fcgid’ stack based buffer overflow attacks that are caused by reprehensible bounds inspection from the module named as ‘fcgid_header_bucket_read()’. A hacker may send a uniquely constructed Fast CGO data, in order to execute the arbitrary code on the apache server running on a windows based server. Consequently, the application will crash (, ISS X-Force Database: apache-fcgid-bo(63303): Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow ). Remedial Action In order to eliminate this threat, whether in windows environment or Linux/Unix environment, Apache HTTP server must be updated to the latest version of ‘mod_fcgid’ 2.3.6 or later. Moreover, for Debian GNU/Linux lenny, administrator must upgrade the module with libapache2-mod-fcgid version 2.2-1+lenny1, for Debian GNU/Linux sid administrator must upgrade the module with libapache2-mod-fcgid version 2.3.6-1 and for Debian GNU/Linux squeeze administrator must upgrade the module with libapache2-mod-fcgid version 2.3.6-1(, VUPEN - Debian Security Update Fixes mod_fcgid Buffer Overflow Vulnerability / Exploit (Security Advisories - VUPEN/ADV-2011-0031) ). Metasploit Tool It is an open-source network security project. Due to its strong penetration testing features, it is considered to analyze the current and potential networks threats and vulnerabilities. A Metasploit Framework contains “both a penetration testing system and a development platform for creating security tools and exploits. The framework is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers worldwide” (, Metasploit Penetration Testing Framework ). Moreover, the framework includes tools, libraries, modules and interfaces for users. The primary objective of the framework is the module launcher that allows a tester to install an exploit module and execute it on the target workstation. If the threat is victorious, the target receives a consignment and the user gets the access to configure the consignment. This tool is recommended for analyzing and removing CVE 3872 at the early stage. Conclusion The CVE 2010-3872 affects on different flavors of Linux/ Unix. Moreover, Apache HTTP server is the first point of contact where the module of apache server, named as ‘mod_fcgid’ is bypassed. The threat also affects windows domain network environments, if apache server is installed on Microsoft products. The threat permits unauthorized confession of data, unauthorized modification, and disruption of services. However, the threat can be eliminated by updating the ‘mod_fcgid’ by 2.3.6 or later. Furthermore, in order to conduct penetration testing on the existing network, metasploit framework is recommended. It helps to exploit existing and potential breaches in terms of network security and CVE 2010-3872. References Cve. 2011. Computer Desktop Encyclopedia, , pp. 1. , security definition . Available: http://www.businessdictionary.com/definition/security.html [3/9/2011, 2011]. Common Vulnerabilities and Exposures. 2007. Network Dictionary, , pp. 111-111. CHAFFEY, D., 2006. Internet marketing: strategy, implementation and practice Harlow: Financial Times Prentice Hall. , FastCGI | FastCGI - . Available: http://www.fastcgi.com/drupal/ [3/10/2011, 2011]. , mod_fcgid - Apache HTTP Server . Available: http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html [3/10/2011, 2011]. , mod_fcgid - FastCGI interface module for Apache 2 - The Apache HTTP Server Project . Available: http://httpd.apache.org/mod_fcgid/ [3/10/2011, 2011]. , CVE-2010-3872: Apache mod_fcgid Buffer Overflow « xorl %eax, %eax . Available: http://xorl.wordpress.com/2011/01/06/cve-2010-3872-apache-mod_fcgid-buffer-overflow/ [3/11/2011, 2011]. , National Vulnerability Database (NVD) National Vulnerability Database (CVE-2010-3872) . Available: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3872 [3/10/2011, 2011]. , Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability . Available: http://www.securityfocus.com/bid/44900/info [3/10/2011, 2011]. , ISS X-Force Database: apache-fcgid-bo(63303): Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow . Available: http://xforce.iss.net/xforce/xfdb/63303 [3/10/2011, 2011]. , CVE-2010-3872 : The apr_status_t fcgid_header_bucket_read function in fcgid_bucket.c in Apache mod_fcgid before 2.3.6 does not use bytew . Available: http://www.cvedetails.com/cve/CVE-2010-3872/ [3/10/2011, 2011]. , VUPEN - Debian Security Update Fixes mod_fcgid Buffer Overflow Vulnerability / Exploit (Security Advisories - VUPEN/ADV-2011-0031) . Available: http://www.vupen.com/english/advisories/2011/0031 [3/10/2011, 2011]. , Metasploit Penetration Testing Framework . Available: http://www.metasploit.com/framework/ [3/10/2011, 2011]. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Practical UNIX Security Assignment Example | Topics and Well Written Essays - 2500 words”, n.d.)
Retrieved from https://studentshare.org/family-consumer-science/1409842-practical-unix-security
(Practical UNIX Security Assignment Example | Topics and Well Written Essays - 2500 Words)
https://studentshare.org/family-consumer-science/1409842-practical-unix-security.
“Practical UNIX Security Assignment Example | Topics and Well Written Essays - 2500 Words”, n.d. https://studentshare.org/family-consumer-science/1409842-practical-unix-security.
  • Cited: 0 times

CHECK THESE SAMPLES OF Practical UNIX Security

The Significance of Systems Configuration and Management for a UNIX System

Practical UNIX Security Name Date Table of Contents Introduction UNIX is the most popular operating system which has been used extensively, and a lot of people still use it as it has been used in the past.... unix security Overview Normally, all UNIX-based or other systems encompass particular log on procedures.... However, a lot of IT experts who used UNIX systems in the earlier period discovered it inflexible from the security point of view....
8 Pages (2000 words) Essay

Practical UNIX Security LDAP

Moreover, it also solidify network security by integrating role based access and Kereberized authentication.... Moreover, for Linux / unix, ‘identity management module' installation is required on the domain controller along with the configuration of NIS server.... LDAP Account Management In order to manage account in the unix network environment, the unix systems are configured with Microsoft Active directory for centralized management of user accounts....
7 Pages (1750 words) Essay

Unix vs Windows: The Ongoing Debate

unix Versus Windows: The Ongoing Debate The comparison between the two operating systems: unix and Microsoft Windows is still an ongoing debate with a lot of pros and cons associated with both the operating systems.... unix has also started offering a Graphical User Interface; however, not at the rate of Windows.... The one feature of unix that makes it have some advantage over Windows is that it is a free to use operating system; therefore, it is free of cost....
5 Pages (1250 words) Research Paper

The elimination of IT crimes by knowledge management approaches

Firstly, physical security is an important factor.... UNIX, a security administration's tool freely available on internet, scans and collects information about host on a network if there exists any.... This utility examines different threats including bugs, inadequate password protection, and other security weaknesses.... The Computer security Institute (as cited by Cherkasov) reports that 90% US companies were under the threat of computer attacks in 2002 and almost 80% of them suffered minor and major damages as a result of hackers' activity ....
3 Pages (750 words) Thesis Proposal

Wireless Network Security - Cloud Computing Network

Perhaps the gradual trigger to the interest in wireless networking security can be traced back from the vast time that I dedicated to the study and teaching Information technology.... hellip; Perhaps the gradual trigger to the interest in wireless networking security can be traced back from the vast time that I dedicated to the study and teaching Information technology.... This did not auger well with the ethics of data computing, privacy and security....
3 Pages (750 words) Personal Statement

The Language and Use of Acceptable Usage Policy

For example, it is not possible for a Business 2 Business entity to develop an AUP by keeping in view the business model of Business 2 Customer entity because it will not be feasible and practical for the organization to implement the AUP.... The paper "The Language and Use of Acceptable Usage Policy " describes that despite having positive usage purposes, it has been observed that detection of abuse has remained a daunting task for investigators as the Internet has no international boundary separating one country from another....
7 Pages (1750 words) Essay

Qualification Requirements of Security Personnel in the UK

The dissertation “Qualification Requirements of security Personnel in the UK” estimates the current provided and required qualification standards appropriately aligned to meet the demands of the roles in which the UK frontline security staff are employed.... hellip; The researched security companies do not have substantive training programs to regularly upgrade the skills of the security personnel.... The security companies consider on-the-job training as an additional expense instead of taking as a way to increase the capability of security personnel to appropriately meet the security threats....
32 Pages (8000 words) Dissertation

Human Security and the Face of War in United Kingdom

… HUMAN security AND THE FACE OF WAR IN UNITED KINGDOMHuman security refers to an emerging paradigm for comprehending worldwide vulnerabilities.... The proponents of human security dispute the relevance of traditional concept of national security by HUMAN security AND THE FACE OF WAR IN UNITED KINGDOMHuman security refers to an emerging paradigm for comprehending worldwide vulnerabilities....
6 Pages (1500 words) Essay
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us