Modern Operating Systems by Herbert Bos and Andrew S. Tanenb...
SEC. 9.8 INSIDER ATTACKS
inserted by a programmer working for a computer manufacturer and then shipped with its computers, the programmer could log into any computer made by his company, no matter who owned it or what was in the password file. The same holds for a programmer working for the OS vendor. The back door simply bypasses the whole authentication process.

One way for companies to prevent backdoors is to have code reviews as standard practice. With this technique, once a programmer has finished writing and testing a module, the module is checked into a code database. Periodically, all the programmers in a team get together and each one gets up in front of the group to explain what his code does, line by line. Not only does this greatly increase the chance that someone will catch a back door, but it raises the stakes for the programmer, since being caught red-handed is probably not a plus for his career. If the programmers protest too much when this is proposed, having two coworkers check each other’s code is also a possibility.

9.8.3 Login Spoofing
In this insider attack, the perpetrator is a legitimate user who is attempting to collect other people’s passwords through a technique called login spoofing. It is typically employed in organizations with many public computers on a LAN used by multiple users. Many universities, for example, have rooms full of computers where students can log onto any computer. It works like this. Normally, when no one is logged in on a UNIX computer, a screen similar to that of Fig. 9-27(a) is displayed. When a user sits down and types a login name, the system asks for a password. If it is correct, the user is logged in and a shell (and possibly a GUI) is started.

Figure 9-27. (a) Correct login screen. (b) Phony login screen. Both show the prompt "Login:".

Now consider this scenario. A malicious user, Mal, writes a program to display the screen of Fig. 9-27(b). It looks amazingly like the screen of Fig. 9-27(a), except that this is not the system login program running, but a phony one written by Mal. Mal now starts up his phony login program and walks away to watch the fun from a safe distance. When a user sits down and types a login name, the program responds by asking for a password and disabling echoing. After the login name and password have been collected, they are written away to a file and the phony login program sends a signal to kill its shell. This action logs Mal out and