Attack and Vulnerability Penetration Testing: FreeBSD

Deris Stiawan, Mohd. Yazid Idris, Abdul Hanan Abdullah

Abstract


 Computer system security has become a major concern over the past few years. Attacks, threats or intrusions, against computer system and network have become commonplace events. However, there are some system devices and other tools that are available to overcome the threat of these attacks. Currently, cyber attack is a major research and inevitable. This paper presents some steps of penetration in FreeBSD operating system, some tools and new steps to attack used in this experiment, probes for reconnaissance, guessing password via brute force, gaining privilege access and flooding victim machine to decrease availability. All these attacks were executed and infiltrate within the environment of Intrusion Threat Detection Universiti Teknologi Malaysia (ITD UTM) data set. This work is expected to be a reference for practitioners to prepare their systems from Internet attacks.


Full Text:

PDF

References


CERT-IST. Cert-IST 2011 annual review regarding flaws and attacks. 2012.

G Kenneth. Cyber Weapons Convention. Computer Law & Security Review. 2010; 26: 547-551.

S Mansfield-Devine. DDoS: threats and mitigation. Network Security. 2011; 5-12.

S David. The state of network security. Network Security. 2012; 14-20.

S Lakka, et al. Competitive dynamics in the operating systems market: Modeling and policy implications. Technological Forecasting and Social Change. 2013; 80: 88-105.

V Visoottiviseth, N Bureenok. Performance Comparison of ISATAP Implementations on FreeBSD, RedHat, and Windows 2003. 2008: 547-552.

A Alhomoud, et al. Performance Evaluation Study of Intrusion Detection Systems. Procedia Computer Science. 2011; 5: 173-180.

D Stiawan, et al. (2012, Intrusion & Threat Detection Universiti Teknologi Malaysia Dataset. Available: http://pcrg-utm.org/dataset/.

J McHugh. Testing Intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory. ACM Transactions on Information and System Security. 2000; 3: 262-294.

CA Catania, CG Garino. Automatic network intrusion detection: Current techniques and open issues. Computers and Electrical Engineering. 2012; 38: 1062-1072.

CP software. 2012, Riverbed® Cascade® Pilot software. Available: http://www.riverbed.com/us/products/cascade/cascade_pilot.php.

N Hubballi, et al. An Active Intrusion Detection System for LAN Specific Attacks. In: T Kim, H Adeli. Editors. Advances in Computer Science and Information Technology. vol. 6059. Heidelberg: Springer Berlin; 2010: 129-142.

N Hubballi, et al. LAN attack detection using Discrete Event Systems. ISA Transactions. 2011; 50: 119-130.

Martin Zaefferer, et al. Intrusion Detection: Case Study. Master of Engineering Automation and IT, Faculty for Informatics and Engineering, University of Applied Sciences Cologne. Gummersbach. 2012.

N Mansourov, D Campara. Chapter 6 - Knowledge of vulnerabilities as an element of cybersecurity argument. 2011: 147-170.

H Gascon, et al. Analysis of update delays in signature-based network intrusion detection systems. 2011; 30: 613–624.




DOI: http://doi.org/10.12928/telkomnika.v11i2.942

Refbacks

  • There are currently no refbacks.


Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

TELKOMNIKA Telecommunication, Computing, Electronics and Control
ISSN: 1693-6930, e-ISSN: 2302-9293
Universitas Ahmad Dahlan, 4th Campus
Jl. Ringroad Selatan, Kragilan, Tamanan, Banguntapan, Bantul, Yogyakarta, Indonesia 55191
Phone: +62 (274) 563515, 511830, 379418, 371120
Fax: +62 274 564604

View TELKOMNIKA Stats