UNIX Systems Security I Tools Module 3

Slides: 9
Provided by: admi1276
1
UNIX Systems Security I Tools Module 3
  • Instructor
  • Victor Hazlewood, CISSP
  • victor_at_reference-systems.com

1Q06 UNIX Security Tools Victor Hazlewood
2
Module
  • Review of rootkits
  • A word about Windows rootkits
  • Tool 5: Checking for rootkits with chkrootkit
  • Tool 6: Network traffic analysis with ntop
  • Tool 7: Port scanning with nmap

3
Review of Rootkits
  • Rootkit definition and info on Wikipedia
  • http://en.wikipedia.org/wiki/Rootkit
  • Rootkit definition
  • Origin of rootkits
  • Uses of rootkits
  • Types of rootkits
    • Application
    • Kernel

4
Rootkits
  • T0rn. Type: application. http://www.sans.org/y2k/t0rn.htm
  • SucKIT. Type: kernel. http://la-samhna.de/library/rootkits/list.html
  • Windows
    • FU
    • Hacker Defender (Windows)
    • Sony's rootkit (You have to be kidding!)

5
Detecting Rootkits
  • Chkrootkit: http://www.chkrootkit.org/
  • Rkhunter: www.rootkit.nl/projects/rootkit_hunter.html
  • Windows
    • Rootkit revealer from Sysinternals: http://www.sysinternals.org/
    • Blacklight from F-Secure
    • Rkdetector

6
chkrootkit
  • Chkrootkit: http://www.chkrootkit.org/
  • List of checks
  • Description of the pieces from the README
  • Installation
  • Using chkrootkit

7
ntop
  • Network top: http://www.ntop.org/ntop.html
  • Similar to top for processes, but for the network
  • Web interface to network stats
  • What can ntop do? See the website
  • For Unix and Windows
  • Installation (see Download)

8
nmap
  • Utility for network exploration or security auditing: http://www.insecure.org/nmap/
  • Service discovery
  • Host OS discovery
  • Installation
