Common Exploits And Attacks - Red Hat ENTERPRISE LINUX 5 - DEPLOYMENT Deployment Manual

Section 43.1, "Workstation Security" discusses in more detail what steps administrators and home users should take to limit the vulnerability of computer workstations.

42.4. Common Exploits and Attacks

Table 42.1, "Common Exploits" details some of the most common exploits and entry points used by intruders to access organizational network resources. Key to these common exploits are the explanations of how they are performed and how administrators can properly safeguard their network against such attacks.

| Exploit | Description | Notes |
|---|---|---|
| Null or Default Passwords | Leaving administrative passwords blank or using a default password set by the product vendor. This is most common in hardware such as routers and firewalls, though some services that run on Linux can contain default administrator passwords (though Red Hat Enterprise Linux 5 does not ship with them). | Commonly associated with networking hardware such as routers, firewalls, VPNs, and network attached storage (NAS) appliances. Common in many legacy operating systems, especially OSes that bundle services (such as UNIX and Windows). Administrators sometimes create privileged user accounts in a rush and leave the password null, a perfect entry point for malicious users who discover the account. |
| Default Shared Keys | Secure services sometimes package default security keys for development or evaluation testing purposes. If these keys are left unchanged and are placed in a production environment on the Internet, all users with the same default keys have access to that shared-key resource, and any sensitive information that it contains. | Most common in wireless access points and preconfigured secure server appliances. |
| IP Spoofing | A remote machine acts as a node on your local network, finds vulnerabilities with your servers, and installs a backdoor program or trojan horse to gain control over your network resources. | Spoofing is quite difficult as it involves the attacker predicting TCP/IP SYN-ACK numbers to coordinate a connection to target systems, but several tools are available to assist crackers in performing such an attack. Depends on target system running services (such as rsh, telnet, FTP and others) that use source-based authentication techniques, which are not recommended when compared to PKI or other forms of encrypted authentication used in ssh or SSL/TLS. |
| Eavesdropping | Collecting data that passes between two active nodes on a network by | This type of attack works mostly with plain text transmission protocols such as Telnet, FTP, and HTTP transfers. |
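
A defender's check for the "Null or Default Passwords" entry, as an added example that is not part of the Red Hat manual: it cross-references passwd- and shadow-format files and reports every account whose password field is empty. The account names, hash placeholder and severity labels are constructed for illustration; on a real host, run `audit_null_passwords /etc/passwd /etc/shadow` as root.

```bash
#!/bin/bash
# Added example (not from the manual): find accounts with a null password.

# audit_null_passwords PASSWD_FILE SHADOW_FILE
# Output per finding: <severity> <user> uid=<uid> shell=<shell>
audit_null_passwords() {
    awk -F: '
        # passwd file: remember UID and login shell for each account.
        FILENAME == ARGV[1] { uid[$1] = $3; shell[$1] = $7; next }
        # shadow file: an empty second field means no password is required.
        # Locked markers such as "!!" or "*" are non-empty and are skipped.
        $2 == "" {
            u = ($1 in uid) ? uid[$1] : "unknown"
            s = ($1 in shell) ? shell[$1] : "unknown"
            # No login shell: still usable by services that ignore the shell.
            sev = (s ~ /(nologin|false)$/) ? "MEDIUM" : "HIGH"
            if (u == "0") sev = "CRITICAL"   # any UID 0 account is root-equivalent
            printf "%s %s uid=%s shell=%s\n", sev, $1, u, s
        }
    ' "$1" "$2"
}

# write_sample DIR: constructed passwd/shadow data for the demonstration.
write_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:rushed admin account:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
alice:x:500:500::/home/alice:/bin/bash
ftpuser:x:501:501::/var/ftp:/sbin/nologin
EOF
    cat > "$1/shadow" <<'EOF'
root:$1$CONSTRUCTED$notarealhashvalue000000:14000:0:99999:7:::
toor::14000:0:99999:7:::
daemon:*:14000:0:99999:7:::
alice::14000:0:99999:7:::
ftpuser::14000:0:99999:7:::
EOF
}

# Demonstration on the constructed data only; nothing on the host is read.
demo_dir=$(mktemp -d)
write_sample "$demo_dir"
audit_null_passwords "$demo_dir/passwd" "$demo_dir/shadow"
rm -rf "$demo_dir"
```

Each reported account should be given a password or locked (for example with `passwd -l`), starting with any CRITICAL finding.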