Rootkit detection is difficult because a rootkit may be able to subvert the software that is intended to find it. Full control over a system means that existing software can be modified, including software that might otherwise be used to detect or circumvent it. Once installed, it becomes possible to hide the intrusion as well as to maintain privileged access. exploiting a known vulnerability (such as privilege escalation) or a password (obtained by cracking or social engineering tactics like " phishing"). Obtaining this access is a result of direct attack on a system, i.e. Rootkit installation can be automated, or an attacker can install it after having obtained root or administrator access. The term "rootkit" has negative connotations through its association with malware. The term rootkit is a compound of " root" (the traditional name of the privileged account on Unix-like operating systems) and the word "kit" (which refers to the software components that implement the tool). Security information and event management (SIEM)Ī rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed (for example, to an unauthorized user) and often masks its existence or the existence of other software.Host-based intrusion detection system (HIDS).
0 Comments
Leave a Reply. |