UW CSEP 590 - Computer Security and Rootkits

Computer Security and Rootkits
by Jameel Alsalam, Somnath Banerjee, Grant Musick and Rares Saftoiu

Table of Contents
1. Introduction ... 3
2. What is a rootkit? ... 4
3. Current vulnerability assessment ... 6
  3.1 Windows vulnerabilities (2k/2k3/XP/64-bit) ... 6
  3.2 Linux/Unix/OS X vulnerabilities ... 8
4. Estimated Attack Damage ... 10
  4.1 Home users ... 10
    4.1.1 Identity and private information theft ... 10
    4.1.2 Turning home users' computers into zombies for unethical/criminal activity ... 12
    4.1.3 Loss of time/money/confidence ... 12
  4.2 Enterprise and Governmental Systems ... 12
    4.2.1 Direct costs ... 13
    4.2.2 Indirect costs ... 14
    4.2.3 Failure Costs ... 16
5. Preventative and Responsive measures ... 17
  5.1 Technical Responses ... 17
  5.2 Policy Responses ... 20
    5.2.1 Existing Policy ... 20
    5.2.2 Policy Recommendations ... 23
6. Cost analysis of proposed measures ... 25
  6.1 Technical Perspective ... 25
  6.2 Policy Perspective ... 27
7. Conclusion ... 29
8. Glossary ... 30
9. Endnotes ... 32

1. Introduction

Computer security has been a problem since the inception of computing itself. In the beginning, computer security was enforced by restricting physical access to the equipment. As networked computing became more prevalent, restricting physical access was no longer sufficient: an attacker hundreds of miles away could now compromise a computer system remotely. With the dawn of the Internet age and the interconnection of millions of computers, remote attacks have become commonplace. In response, a new branch of computing came into existence. As attacks became more frequent, vendors began to offer their services to secure computer systems. Thus came the anti-virus and firewall vendors, who help protect computer systems by keeping them clean and shielding them from remote attacks.

The establishment of the computer security industry gave rise to an arms race between two groups: the criminals or black hats trying to get their malicious software onto other computer systems, and the security vendors or white hats trying to detect it and remove it before it causes damage. In the middle of this arms race is an attack technique that has made life extraordinarily difficult for the white hats. It hides what an attacker is doing to a computer system in such a way that the computer's owner may never figure out that someone else is running his or her machine. The technique is called "rooting" a system, and at the heart of it is a software package called a rootkit.

2. What is a rootkit?

A rootkit is a suite of one or more programs that allows a third party to hide files and activities from the administrator of a computer system. The rootkit itself is not what breaks in: an intruder first takes advantage of one or more known vulnerabilities on a particular computing platform to gain access, and then delivers and installs the rootkit. Once the rootkit is in place, the intruder can keep using the compromised system while remaining undetected.

The original intent of rootkits (circa 1996) appears to have centered simply on hiding programs that would allow an attacker to "sniff" or spy on traffic going to and from a computer system. They earned the name "rootkits" because they were mainly used on Unix-derived systems, where the top-level administrative account is called "root". Thus to "root" a system is to obtain top-level administrative privileges and hence full control of the system.[1]

In the last few years, however, attacks have grown in sophistication and the targets have changed. Home users (especially users of the Microsoft Windows family of operating systems) are now the primary targets. Not only are attackers trying to harvest information from the targeted computer systems, they also take over the systems and use them as building blocks for botnets. These botnets can then be used in a variety of ways, including spam forwarding and extortion. In the latter case, an attacker demands money from a corporation, threatening a DDoS attack against its corporate website(s) if it does not pay. Even well-known and respected companies have been known to use rootkits as a way to enforce their own DRM policies or to keep end users from removing adware. Rootkits of varying levels of sophistication are known to exist for all
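The hiding that section 2 describes, shown as an added example (this is not the paper's code and it cites nothing the paper cites): a minimal version of the file-hiding filter a userland rootkit puts in place of readdir(), next to the cross-view check a defender uses to catch it. The hook is modeled as a wrapper called through a function pointer rather than a real LD_PRELOAD interposition; the magic prefix `_rk_`, the file names and the scratch directory under /tmp are assumptions made for the demonstration. The trusted view is obtained on Linux by calling the getdents64 system call directly, which bypasses libc and so bypasses any libc-level hook; on other systems it falls back to readdir, which is enough to show the comparison but would not survive a real hook.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>

#define HIDE_PREFIX "_rk_"   /* hypothetical magic prefix; real kits pick their own */
#define MAX_ENTRIES 128
#define NAME_LEN    256

/* Rootkit side: the body a userland kit interposes in place of readdir(), e.g. from
 * an LD_PRELOAD library. Modeled here as a wrapper passed by function pointer. */
struct dirent *hooked_readdir(DIR *d) {
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        if (strncmp(e->d_name, HIDE_PREFIX, strlen(HIDE_PREFIX)) == 0)
            continue;   /* the attacker's file never reaches the caller */
        return e;
    }
    return NULL;
}

/* Application view: the directory as seen through a (possibly hooked) reader. */
static int list_via_reader(const char *path, struct dirent *(*rd)(DIR *),
                           char names[][NAME_LEN], int max) {
    DIR *d = opendir(path); if (!d) return -1;
    int n = 0; struct dirent *e;
    while (n < max && (e = rd(d)) != NULL) {
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, "..")) continue;
        snprintf(names[n++], NAME_LEN, "%s", e->d_name);
    }
    closedir(d);
    return n;
}

/* Trusted view: on Linux, fetch entries with the getdents64 system call directly,
 * bypassing libc and therefore any libc-level hook. */
static int list_raw(const char *path, char names[][NAME_LEN], int max) {
#ifdef __linux__
    struct linux_dirent64 { unsigned long long d_ino; long long d_off;
                            unsigned short d_reclen; unsigned char d_type; char d_name[]; };
    union { long long align; char bytes[4096]; } buf;   /* aligned for the cast below */
    int fd = open(path, O_RDONLY | O_DIRECTORY); if (fd < 0) return -1;
    int n = 0;
    for (long got; (got = syscall(SYS_getdents64, fd, buf.bytes, sizeof buf.bytes)) > 0;) {
        for (long off = 0; off < got && n < max;) {
            struct linux_dirent64 *d = (struct linux_dirent64 *)(buf.bytes + off);
            if (strcmp(d->d_name, ".") && strcmp(d->d_name, ".."))
                snprintf(names[n++], NAME_LEN, "%s", d->d_name);
            off += d->d_reclen;
        }
    }
    close(fd);
    return n;
#else
    return list_via_reader(path, readdir, names, max);   /* no raw path on this OS */
#endif
}

/* Defender side: cross-view diff. A name in the trusted view that is missing from the
 * application view is evidence of hiding. Returns the count; names go into hidden[]. */
int cross_view_diff(const char *path, struct dirent *(*app_reader)(DIR *),
                    char hidden[][NAME_LEN], int max) {
    char app[MAX_ENTRIES][NAME_LEN], raw[MAX_ENTRIES][NAME_LEN];
    int na = list_via_reader(path, app_reader, app, MAX_ENTRIES);
    int nr = list_raw(path, raw, MAX_ENTRIES);
    if (na < 0 || nr < 0) return -1;
    int found = 0;
    for (int i = 0; i < nr && found < max; i++) {
        int seen = 0;
        for (int j = 0; j < na && !seen; j++) seen = !strcmp(raw[i], app[j]);
        if (!seen) snprintf(hidden[found++], NAME_LEN, "%s", raw[i]);
    }
    return found;
}

/* Scratch directory with one ordinary file and one prefixed file (constructed input);
 * returns how many hidden entries the check finds: 1 with the hook installed, 0 without. */
int demo_hidden_count(int install_hook) {
    char tmpl[] = "/tmp/rkdemoXXXXXX", normal[512], secret[512];
    char *dir = mkdtemp(tmpl); if (!dir) return -1;
    snprintf(normal, sizeof normal, "%s/notes.txt", dir);
    snprintf(secret, sizeof secret, "%s/" HIDE_PREFIX "sniffer.log", dir);
    close(open(normal, O_CREAT | O_WRONLY, 0600));
    close(open(secret, O_CREAT | O_WRONLY, 0600));
    char hidden[MAX_ENTRIES][NAME_LEN];
    int n = cross_view_diff(dir, install_hook ? hooked_readdir : readdir, hidden, MAX_ENTRIES);
    for (int i = 0; i < n; i++) printf("hidden entry: %s\n", hidden[i]);
    unlink(normal); unlink(secret); rmdir(dir);
    return n;
}

int main(void) {
    printf("hook installed: %d hidden entries\n", demo_hidden_count(1));
    printf("no hook:        %d hidden entries\n", demo_hidden_count(0));
    return 0;
}
```

Compile with `cc -Wall rk_crossview.c` (any file name works) and run: the hooked listing shows only notes.txt while getdents64 still returns _rk_sniffer.log, so the diff reports one hidden entry, and zero when the hook is not installed. The caveat a practitioner wants here is that this catches a hook at the libc layer only. A kernel-resident rootkit that patches the system call table or the VFS layer lies to getdents64 as well, and the trusted view then has to come from lower still (the raw block device, or an offline boot), which is one reason kernel-level rootkits are so much harder to detect than userland ones.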

