Lehrstuhl für Sicherheit in der Informatik: Data-only Malware


FAKULTÄT FÜR INFORMATIK DER TECHNISCHEN UNIVERSITÄT MÜNCHEN
Lehrstuhl für Sicherheit in der Informatik

Data-only Malware

Sebastian Wolfgang Vogl

Complete reprint of the dissertation approved by the Department of Informatics of the Technische Universität München for the award of the academic degree of Doktor der Naturwissenschaften (Dr. rer. nat.).

Chair: Univ.-Prof. Dr. Uwe Baumgarten
Examiners of the dissertation:
1. Univ.-Prof. Dr. Claudia Eckert
2. Univ.-Prof. Dr. Thorsten Holz, Ruhr-Universität Bochum

The dissertation was submitted to the Technische Universität München on 09.02.2015 and accepted by the Department of Informatics on 02.07.2015.

Acknowledgements

Over the past years, I have received support and encouragement from many smart and amazing people. I want to seize this opportunity to express my sincere appreciation and gratitude to all of them.

First and foremost, I would like to extend my thanks to my advisor and supervisor, Prof. Dr. Claudia Eckert, for providing me with the opportunity to write this thesis and for her outstanding mentoring during this time. Her unwavering support, continuous encouragement, and guidance greatly helped my research and this dissertation. Similarly, I want to thank my second advisor, Prof. Dr. Thorsten Holz, for his assistance, valuable advice, and crucial contribution to my research, which advanced and improved my thesis substantially. Additionally, I am very grateful to Prof. Dr. Michael Gerndt and Prof. Dr. Jonathon Giffin for providing me with the possibility of studying at Georgia Tech and for their support, encouragement, and guidance throughout the process.

Next, I would like to thank my former and current colleagues at the IT security research groups in Munich and Bochum for the interesting discussions, the collaboration, the support of my work, the excellent atmosphere, and the pleasant evenings: Dr. Christian Schneider, Dr. Jonas Pfoh, Thomas Kittel, George Webster, Tamas Lengyel, Fatih Kilic, Julian Kirsch, Robert Gawlik, and Behrad Garmany. I am also grateful to the great people I met during my studies in Munich and in Atlanta for making studying an unforgettable experience and expanding my horizon. Most importantly, Tobias Röhm, Sepp Tremmel, Markus Graßl, Ferdinand Beyer, Felix Weninger, Bulli Bertolotti, Paolo Manenti, and Peter Ligeiro. My thanks also go to the extraordinary students that contributed to my projects: Lorenz Panny, Christian von Pentz, and Jonas Jelten. Thanks, too, to my closest friends for always being there for me, for their general awesomeness, and for helping me to keep my sanity: Felix Römisch, Thomas Zirngibl, Philip Lembcke, Alexander Lehmann, Melanie Lehmann, Felix Abele, and Dominik Zaun.

Finally yet importantly, I would like to thank my family. My parents who opened up this path for me with their unlimited support, encouragement, and love. My sister for always looking out for her little brother. My grandparents for enriching my life, introducing me to Bud Spencer, and helping me to put things in perspective. Ronnie for his meticulous help with grammar and text comprehension. Family Meier for their support, understanding, and encouragement. Anna and Markus for becoming part of my life. And my love, Elisabeth, for being you, which is more than I ever dreamed of.

Abstract

Protecting the integrity of code is generally considered one of the most effective approaches to counteracting malicious software (malware). However, the fundamental problem with code-based detection approaches is that they rely on the false assumption that all malware consists of executable instructions. This makes them vulnerable to data-only malware, which, in contrast to traditional malware, does not introduce any additional instructions into the infected system. Instead, this malware form relies solely on the instructions that existed before its presence to perform malicious computations. For this purpose, data-only malware employs code reuse techniques such as return-oriented programming to combine existing instructions into a new malicious program. As a result, the malware itself consists solely of control data, enabling it to evade all existing code-based detection mechanisms.

Despite this astonishing capability and the obvious risks associated with it, data-only malware has not been studied in detail to date. For this reason, the extent of the danger posed by this potential future threat remains unknown. To remedy this shortcoming, in this work we provide the first comprehensive study of data-only malware. We begin with a detailed analysis of data-only malware to determine the capabilities and limitations of this new malware form. In the process, we show that data-only malware is not only on a par with traditional malware, but even surpasses it in its level of stealth and its ability to evade detection. To demonstrate this, we present detailed proof-of-concept implementations of sophisticated data-only malware that are capable of infecting current systems in spite of the numerous protection mechanisms they employ.

Having shown that data-only malware is a serious and realistic threat, in the second part of this thesis we evaluate the effectiveness of existing defense mechanisms against data-only malware. The goal of this analysis is to determine whether effective countermeasures against data-only malware already exist, or whether this new malware form poses an immediate danger to current systems for lack of them. In the course of our analysis, we identify hook-based detection mechanisms as the only potentially effective existing countermeasure against data-only malware. To validate this hypothesis, we follow our initial analysis with a detailed study of current hook-based detection mechanisms. In the process, we discover that hook-based detection mechanisms rely on the false assumption that an attacker can only install hooks by modifying persistent control data. This oversight enables data-only malware to evade existing mechanisms by targeting transient control data such as return addresses instead. To illustrate this, we present a new hooking concept that we refer to as dynamic hooking. Instead of changing control data directly, the key idea behind this concept is to manipulate non-control data in such a way that it triggers a vulnerability at runtime, which then overwrites transient control data and results in the invocation of the hook. Because of this approach, dynamic hooks are hidden within non-control data, which makes them significantly more difficult to detect and enables them to evade all existing hook-based detection mechanisms.

Since our analysis of existing malware defense mechanisms showed that even hook-based defense mechanisms are unable to detect data-only malware, the third and final part of the thesis deals with countermeasures against this malware form. For this purpose, we first introduce a virtual machine introspection-based framework for malware detection and removal called X-TIER. X-TIER enables security applications to inject kernel modules from the hypervisor into a running virtual machine and to execute them securely within the guest. The modules can access any kernel function and any kernel data structure without loss of security, and they can transfer arbitrary information to the hypervisor. Consequently, X-TIER effectively enables hypervisor-based security applications to bridge the semantic gap, which is the key problem that all hypervisor-level security applications face.

By combining strong security guarantees with full access to the state of the virtual machine, our framework provides an excellent basis for countermeasures against data-only malware. Based on this framework, we finally present three concrete detection mechanisms for data-only malware. Each of these mechanisms turns one of the inherent dependencies of data-only malware, which we identified during our initial analysis of this malware form, against the malware itself. The result is a set of effective countermeasures that, particularly when used in combination, provide strong initial defenses against data-only malware.

Zusammenfassung (German summary)

Protecting the integrity of system code is generally considered one of the most effective methods of preventing infection by malicious software. The fundamental problem with such code-based detection methods, however, is that they rest on the false assumption that all malware consists of executable machine instructions. This makes such detection mechanisms vulnerable to purely data-based malware, which, unlike traditional malware, injects no additional instructions into the system. Instead, this type of malware executes solely by means of instructions that were already present on the system before the infection. To this end, data-only malware combines existing instructions into a new malicious program using so-called code-reuse techniques such as return-oriented programming. The resulting malware consists exclusively of control data, which allows it to evade all existing code-based detection methods. Despite this astonishing capability and the associated risk, data-only malware has so far received insufficient attention in research. For this reason, it is currently entirely unclear,
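The abstract observes that data-only malware consists of control data such as return addresses and that existing hook detectors ignore this transient control data. As an added illustration of what a defender can check (not code from the thesis, and not one of its three detection mechanisms), the following Python snippet walks a constructed stack snapshot and flags code pointers that do not sit directly after a CALL instruction, the property every genuine return address has. The program image, addresses and stack contents are constructed, hypothetical values.

```python
"""Return-address plausibility check over a simulated stack snapshot.

Added example, not part of the thesis. A return address pushed by a real
CALL always points to the instruction directly after that CALL. Code
pointers on the stack that lack this property (gadget entries, mid-instruction
addresses) are the raw material of return-oriented chains and merit attention.
Caveat: legitimate function pointers stored in stack locals are flagged too,
so this is a triage heuristic, not a verdict.
"""
from dataclasses import dataclass

# Constructed "program image": address -> (mnemonic, length in bytes).
# All addresses are hypothetical and chosen only for this example.
PROGRAM = {
    0x1000: ("push rbp", 1),
    0x1001: ("mov rbp, rsp", 3),
    0x1004: ("call 0x2000", 5),
    0x1009: ("test eax, eax", 2),   # legitimate return site for the call at 0x1004
    0x100B: ("call 0x3000", 5),
    0x1010: ("pop rbp", 1),         # legitimate return site for the call at 0x100B
    0x1011: ("ret", 1),
    0x2000: ("pop rdi", 1),
    0x2001: ("ret", 1),             # short pop/ret sequence, typical gadget shape
    0x3000: ("pop rsi", 1),
    0x3001: ("ret", 1),
}


def legitimate_return_sites(program):
    """Set of addresses that directly follow a CALL instruction."""
    return {addr + length
            for addr, (mnemonic, length) in program.items()
            if mnemonic.startswith("call")}


@dataclass
class Finding:
    slot: int      # index of the stack word (0 = lowest address)
    value: int     # the suspicious code pointer
    reason: str


def check_stack(stack, program):
    """Flag stack words that look like code pointers but are not return sites.

    `stack` is a list of machine words as read from a thread's stack, lowest
    address first. Words outside the code image are treated as data and ignored.
    """
    ok_sites = legitimate_return_sites(program)
    lo, hi = min(program), max(program) + 1   # simplification: whole image is code
    findings = []
    for slot, word in enumerate(stack):
        if not (lo <= word < hi):
            continue                           # plain data word, not a code pointer
        if word in ok_sites:
            continue                           # a CALL could have produced it
        if word in program:
            reason = "code address not preceded by CALL"
        else:
            reason = "not at an instruction boundary"   # mid-instruction target
        findings.append(Finding(slot, word, reason))
    return findings


def looks_like_rop_chain(stack, program, threshold=2):
    """Heuristic verdict: several suspicious code pointers on one stack."""
    return len(check_stack(stack, program)) >= threshold


if __name__ == "__main__":
    # Constructed benign stack: two genuine return addresses plus a data word.
    print(check_stack([0x1009, 0x1010, 0xDEADBEEF], PROGRAM))
    # Constructed suspicious stack: gadget entries interleaved with pop-ed data.
    for f in check_stack([0x2000, 0x41414141, 0x3000, 0x42424242, 0x1011], PROGRAM):
        print(f"slot {f.slot}: {f.value:#x} {f.reason}")
```

In a real introspection setting the same walk would run over the guest thread's stack and a disassembly of the guest's code pages rather than a hand-built table.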