Comodo Hacker Guardian by pengxuebo




Creating Trust Online


           Comodo Hacker Guardian




            Definition of Plug-in Categories
Contents
 Debian Local Security Checks

 Windows

 CGI Abuses

 Windows : Microsoft Bulletins

 Windows : User Management

 FTP (File Transfer Protocol)

 Gentoo Local Security Checks

 Useless Services

 Denial of Service (or rather ‘Denial of Service attack’)

 Service Detection

 CGI Abuses: XSS

 Backdoors

 Peer-To-Peer File Sharing

 General

 Misc.

 Default Unix Accounts

 Remote File Access

 Firewalls

 Gain Root Remotely

 SMTP Problems

 SNMP

 Port scanners
Gain a Shell Remotely

Netware 8 Plugins

CISCO

Finger Abuses

AIX Local Security Checks

RPC (Remote Procedure Call)

MacOS X Local Security Checks

Red Hat Local Security Checks

Solaris Local Security Checks

HP-UX Local Security Checks

FreeBSD Local Security Checks

Mandrake Local Security Checks

SuSE Local Security Checks

Fedora Local Security Checks

Slackware Local Security Checks

Web Servers

NIS

Ubuntu Local Security Checks

About Comodo
Debian Local Security Checks
Debian, organized by the Debian Project, is a widely used distribution of free software developed through the
collaboration of volunteers from around the world. Since its inception, the released system, Debian GNU/Linux, has been
based on the Linux kernel, with many basic tools of the operating system from the GNU project. Hacker Guardian runs a
series of tests to determine whether there are any security flaws in the operating system (OS) and the services that the OS
runs on the target server.




Windows
Microsoft Windows is a family of operating systems by Microsoft. They can run on several types of platforms such as
servers, embedded devices and, most typically, on personal computers. Hacker Guardian runs a series of tests to
determine whether there are any security flaws in the operating system (OS) and the services that the OS runs on the target
server.




CGI Abuses
The Common Gateway Interface (CGI) is a standard protocol for interfacing external application software with an
information server, commonly a web server. This allows the server to pass requests from a client web browser to the
external application. The web server can then return the output from the application to the web browser. This information
can consist of confidential consumer data. A CGI abuse occurs when a hacker intercepts the requests from the web
browser to the application.




Windows : Microsoft Bulletins
When necessary, Microsoft provides a new security update on the second Tuesday of each month and sends a bulletin
announcing the update.

More details can be found here: http://www.microsoft.com/athome/security/update/bulletins/default.mspx

Hacker Guardian detects whether any vulnerabilities outlined in these bulletins are present on a server.




Windows : User Management
Windows User management services provide the ability to maintain a user's preferences and privileges. Hacker Guardian
checks for any vulnerabilities in the Windows OS user management functionality (User account management and
security).




FTP (File Transfer Protocol)
The protocol used on the Internet for exchanging files. FTP uses the Internet's TCP/IP protocols to enable data transfer.
FTP is most commonly used to download a file from a server using the Internet or to upload a file to a server (e.g.,
uploading a Web page file to a server). Hacker Guardian checks whether a server could be putting sensitive data at risk
by running insecure or outdated FTP services.




Gentoo Local Security Checks
Gentoo Linux is a Linux distribution named after the Gentoo Penguin. It is designed to be modular, portable, easy to
maintain, flexible, and optimized for the user's machine. This is accomplished by building all tools and utilities from source
code, although, for convenience, several large software packages are also available as precompiled binaries for various
architectures. Gentoo achieves this via the Portage system. Hacker Guardian runs a series of tests to determine whether
there are any security flaws in the operating system (OS) and the services that the OS runs on the target server.




Useless Services
A program that can be automatically started as part of the operating system start-up process and that runs continuously
in the background. Hacker Guardian detects any unused services running on an operating system and notifies the
administrator. Furthermore, Hacker Guardian checks that these unused services are secure and not vulnerable to attack.




Denial of Service (or rather ‘Denial of Service attack’)
In computer security, a denial-of-service attack (DoS attack) is an attempt to make a computer resource unavailable to its
intended users. Typically the targets are high-profile web servers where the attack is aiming to cause the hosted web
pages to be unavailable on the Internet. It is a computer crime that violates the Internet proper use policy as indicated by
the Internet Architecture Board (IAB).

DoS attacks have two general forms:

- Force the victim computer(s) to reset or consume its resources such that it can no longer provide its intended service.

- Obstruct the communication media between the intended users and the victim such that they can no longer
communicate adequately.

 Hacker Guardian tests whether a server is vulnerable to DoS attacks and provides immediate remediation advice if any
are found.




Service Detection
Service detection protocols are network protocols which allow automatic detection of devices and services offered by
these devices on a computer network. If a server is open to attacks on these protocols, then the server is vulnerable to,
amongst others, a Denial of Service attack. Hacker Guardian tests whether a server is vulnerable to DoS attacks and
provides immediate remediation advice if any are found.




CGI Abuses: XSS
Cross site scripting (XSS) is a type of computer security exploit where information from one context, where it is not
trusted, can be inserted into another context, where it is trusted. From the trusted context, an attack can be launched. For
example, a hacker may create a bogus login box hosted on his own server where customers enter their details. The login
box html is then inserted inside the real, trusted website. The rest of the page is the genuine page, but the login box part
of the page is hosted on the attacker’s server. The customer assumes they are entering information into the real website,
but they are in fact entering information into the fake login box. Hacker Guardian tests whether a server is vulnerable to this
type of attack.




Backdoors
Backdoors are a way for computer hackers to illegitimately gain access to a computer or server. A backdoor in a
computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication or securing remote
access to a computer, while attempting to remain hidden from casual inspection. The backdoor may take the form of an
installed program (e.g., Back Orifice or the Sony/BMG rootkit backdoor installed when any of millions of Sony music CDs
were played on a Windows computer), or could be a modification to a legitimate program.




Peer-To-Peer File Sharing
File sharing is the practice of making files available for other users to download over the Internet and smaller networks.
Usually file sharing follows the peer-to-peer (P2P) model, where the files are stored on and served by personal
computers of the users. Most people who engage in file sharing are also downloading files that other users share. Whilst
P2P represents a great way to share files, it has become a notorious source of malware and vulnerability exploits. Hacker
Guardian tests whether a server is vulnerable to any known P2P vulnerabilities.


General
As the name suggests, these are types of attacks that don’t fall under the heading of the other attack categories.


Misc.
As the name suggests, these are types of attacks that don’t fall under the heading of the other attack categories.




Default Unix Accounts
If a server is running the UNIX operating system, Hacker Guardian checks that all user accounts have been password
protected. It also checks all UNIX user accounts to ensure they have changed their password from the default password
that UNIX shipped with. If a user has not changed their password from the widely known default password then this
presents an easy way for a hacker to break into a system.




Remote File Access
This type of vulnerability allows a malicious user to access important system or confidential files on a server. Hacker
Guardian detects if a server is vulnerable to this type of attack and provides remediation advice if it is. These attacks are
most likely to occur on servers using the Network File System (NFS) – which allows different makes of computers running
different operating systems to share files and disk storage.




Firewalls
A firewall is a piece of hardware and/or software which functions in a networked environment to prevent some
communications forbidden by the security policy. The ultimate goal is to provide controlled connectivity between zones of
differing trust levels through the enforcement of a security policy and connectivity model based on the least privilege
principle.

By their very nature, firewalls have to leave certain ports open for the operation of web, mail, ftp and other Internet based
services - leaving you vulnerable to exploitation on these very ports. Hacker Guardian vulnerability scans identify and
deliver fix recommendations on all these avenues of insecurity.




Gain Root Remotely
A flaw that can allow a remote attacker to gain root privileges. If remote connections are allowed and vulnerable, then an
attacker can exploit the vulnerability to gain root access.




SMTP Problems
Simple Mail Transfer Protocol is the de facto standard for e-mail transmission across the Internet. SMTP is a relatively
simple, text-based protocol, where one or more recipients of a message are specified (and in most cases verified to exist)
and then the message text is transferred. ‘SMTP problems’ exist when a server is vulnerable to attacks on this protocol
and are usually detected if there is a problem with the mail server. Therefore, if a server has SMTP problems, the
possibility exists that email messages could be intercepted by a hacker.




SNMP
Simple Network Management Protocol. The network management protocol used almost exclusively in TCP/IP networks.
SNMP provides a means to monitor and control network devices, and to manage configurations, statistics collection,
performance, and security. This family of tests examines a server to identify if it is vulnerable to attacks on the SNMP
protocol.




Port scanners
A port scanner is a piece of software designed to search a network host for open ports. This is often used by
administrators to check the security of their networks and by crackers to compromise it. Hacker Guardian detects whether
or not a server is open to illicit port scanning or ‘snooping’.




Gain a Shell Remotely
When the remote login/remote shell service trusts every host on the network, a malicious super user on an arbitrary host
can gain access as any user (except perhaps root). Once inside, the intruder can replace system programs or
configuration files (such as the password file) and take over the machine.

In addition, there are guest or administrative accounts that might not have passwords protecting the account, which
allows anyone to remotely login as that user and gain access to the host.

Hacker Guardian runs a series of tests to determine whether a server is vulnerable to such attacks.


Netware 8 Plugins
Netware 8 is a popular local-area network (LAN) operating system developed by the Novell Corporation. It runs on a
variety of different types of LANs, from Ethernet to IBM token-ring networks. Netware 8 plugins are small programs that
integrate with and expand the functionality of the Netware 8 operating system. Often these are written by 3rd party
vendors and sometimes are installed whilst still in beta version. Hacker Guardian checks that any Netware plugins
installed on a server pose no threat to security. If they do, the user is provided with effective remediation advice.




CISCO
CISCO is one of the leading manufacturers of network equipment. Cisco’s primary business is in internetworking
products, such as routers, bridges, and switches. Hacker Guardian tests whether a server is open to any CISCO
equipment specific vulnerabilities.




Finger Abuses
A Unix program that displays information about a particular user or all users logged on the system, or a remote system.
Finger typically shows full name, last login time, idle time, terminal line, and terminal location. A finger abuse happens
when a hacker remotely activates this program to discover information about the server. Hacker Guardian detects and
helps remediate any vulnerability to finger abuse on a server.




AIX Local Security Checks
AIX (Advanced Interactive eXecutive) is a proprietary operating system developed by IBM based on UNIX System V.
Before the product was ever marketed, the acronym AIX originally stood for Advanced IBM UNIX. Hacker Guardian runs a
series of tests to determine whether there are any security flaws in the operating system (OS) and the services that the OS
runs on the target server.




RPC (Remote Procedure Call)
A protocol which allows a program running on one host to cause code to be executed on another host without the
programmer needing to explicitly code for this. An RPC is initiated by the caller (client) sending a request message to a
remote system (the server) to execute a certain procedure using the arguments supplied. RPC attacks can be executed
remotely or locally and leave the server open to a number of attack vectors, including Gain Root Remotely (which gives
an attacker complete control over a server) and Denial of Service attacks (overloading a server with thousands of
simultaneous requests until it crashes or slows down). Hacker Guardian tests whether a server is vulnerable to all known
RPC exploits.




MacOS X Local Security Checks
Mac OS, which stands for Macintosh Operating System, is the trademarked name for a series of graphical user interface-
based operating systems developed by Apple Computer for their Macintosh line of computer systems. The Mac OS is
often credited with popularizing the graphical user interface. It was first introduced in 1984 with the original Macintosh
128K. Hacker Guardian runs a series of tests to determine whether there are any security flaws in the Macintosh Operating
System (Mac OS) and the services that Mac OS runs on the target server.




Red Hat Local Security Checks
Red Hat is one of the largest and most recognized companies dedicated to open source software. The name "Red Hat" is
also frequently used to refer to the two variants of Linux the company produces under that name, Red Hat Enterprise
Linux and the now-superseded Red Hat Linux. Hacker Guardian runs a series of tests to determine whether there are any
security flaws in the operating systems (OS) and the services that they run on the target server.




Solaris Local Security Checks
Solaris is a computer operating system developed by Sun Microsystems. It is certified as a version of Unix. Although
Solaris proper is still proprietary software, the core OS has been made into an open source project, OpenSolaris. Hacker
Guardian runs a series of tests to determine whether there are any security flaws in the operating system (OS) and the
services that the OS runs on the target server.




HP-UX Local Security Checks
HP-UX (Hewlett Packard UniX) is Hewlett-Packard's proprietary implementation of the Unix operating system, based on
System V (initially System III). It runs on their PA-RISC range of processors and Intel's Itanium processor, and was also
available for later Apollo/Domain systems. Hacker Guardian runs a series of tests to determine whether there are any
security flaws in the operating system (OS) and the services that the OS runs on the target server.



FreeBSD Local Security Checks
FreeBSD is a Unix-like free operating system descended from AT&T UNIX via the Berkeley Software Distribution (BSD)
branch through the 386BSD and 4.4BSD operating systems. Hacker Guardian runs a series of tests to determine whether
there are any security flaws in the operating system (OS) and the services that the OS runs on the target server.




Mandrake Local Security Checks
Mandriva Linux (formerly Mandrakelinux or Mandrake Linux, and an acquisition of Conectiva and Lycoris) is a Linux
distribution created by Mandriva (formerly Mandrakesoft). The first release was based on Red Hat Linux (version 5.1) and
KDE (version 1.0) in July 1998. It has since diverged from Red Hat and has included a number of original tools mostly to
ease system configuration. Hacker Guardian runs a series of tests to determine whether there are any security flaws in the
operating system (OS) and the services that the OS runs on the target server.



SuSE Local Security Checks
SUSE is a major retail Linux distribution, produced in Germany. The company is owned by Novell, Inc. SUSE is also a
founding member of the Desktop Linux Consortium. Hacker Guardian runs a series of tests to determine whether there are
any security flaws in the operating system (OS) and the services that the OS runs on the target server.



Fedora Local Security Checks
Fedora Core is an RPM-based Linux distribution, developed by the community-supported Fedora Project and sponsored
by Red Hat. The name derives from Red Hat's characteristic fedora used in its "Shadowman" logo. However, the Fedora
community project had existed as a volunteer group providing extra software for the Red Hat Linux distribution before
Red Hat got involved as a direct sponsor.

Fedora aims to be a complete, general-purpose operating system built from open source software. Hacker Guardian runs a
series of tests to determine whether there are any security flaws in the operating system (OS) and the services that the OS
runs on the target server.


Slackware Local Security Checks
Slackware was one of the earliest Linux distributions, and is the oldest distribution still being maintained. It was created
by Patrick Volkerding of Slackware Linux, Inc. It has a policy of incorporating only stable releases of applications,
standing mainly for stability and simplicity. For a good while, other Linux distributions that came after it were in fact
evaluated for their "Slackware compatibility". Hacker Guardian runs a series of tests to determine whether there are any
security flaws in the operating system (OS) and the services that the OS runs on the target server.




Web Servers
The term Web server can mean one of two things:
1. A computer that is responsible for accepting HTTP requests from clients, which are known as Web browsers, and
serving them Web pages, which are usually HTML documents and linked objects (images, etc.).
2. A computer program that provides the functionality described in the first sense of the term.

The two most widely used web servers are Microsoft IIS and the open source ‘Apache’ web server.

Hacker Guardian identifies which web server(s) is/are running on a machine and runs a series of tests to determine
whether they are vulnerable to attack.




NIS
The Network Information Service or NIS is Sun Microsystems' "Yellow Pages" (YP) client-server directory service protocol
for distributing system configuration data such as user and host names between computers on a computer network. It is
used for maintenance and distribution of a central directory of user and group information, hostnames, e-mail aliases and
other text-based tables of information in a computer network. Obviously if the NIS was compromised, an attacker could
have almost complete access to any user and server configuration data on a server. Hacker Guardian runs a set of
stringent tests to determine whether the Network Information Service is vulnerable to exploit and attack.




Ubuntu Local Security Checks
Ubuntu is a Linux distribution offering an operating system predominantly targeted at personal computers. Based on
Debian GNU/Linux, Ubuntu concentrates on usability, freedom from restriction of use, regular releases, and ease of
installation. Hacker Guardian runs a series of tests to determine whether there are any security flaws in the operating
system (OS) and the services that the OS runs on the target server.




About Comodo
Comodo is a leading global provider of Identity and Trust Assurance services on the Internet, with over 200,000
customers worldwide. Headquartered in Jersey City, NJ with global offices in the UK, Ukraine and India, the company
offers businesses and consumers the intelligent security, authentication and assurance services necessary to ensure
trust in online transactions.

 As a leading Certification Authority, and in combination with the Digital Trust Lab (DTL), Comodo helps enterprises
address digital ecommerce and infrastructure needs with reliable, third generation solutions that improve customer
relationships, enhance customer trust and create efficiencies across digital ecommerce operations. Comodo’s solutions
include SSL certificates, integrated Web hosting management solutions, web content authentication, infrastructure
services, digital e-commerce services, digital certification, identity assurance, customer privacy and vulnerability
management solutions.

For additional information on Comodo – Creating Trust Online ™ please visit www.comodo.com.




Comodo
US Headquarters,
525 Washington Blvd.,
Jersey City, NJ 07310
Tel : +1.888.COMODO.1
email : sales@comodo.com


Comodo Group Inc.,
3rd Floor, Office Village,
Exchange Quay, Trafford Road,
Salford, Manchester M5 3EQ,
United Kingdom.
Tel Sales: +44 (0) 161 874 7070
Fax Sales: +44 (0) 161 877 7025


www.comodo.com

								