Security+ Guide to Network Security Fundamentals, Third Edition

Chapter 2

Systems Threats and Risks


Objectives

  • Describe the different types of software-based attacks

  • List types of hardware attacks

  • Define virtualization and explain how attackers are targeting virtual systems

Software-Based Attacks

  • Malicious software, or malware

    • Software that enters a computer system without the owner’s knowledge or consent

    • Malware is a general term that refers to a wide variety of damaging or annoying software

  • The three primary objectives of malware

    • To infect a computer system

    • Conceal the malware’s malicious actions

    • Bring profit from the actions that it performs

Infecting Malware

  • Viruses

    • Programs that secretly attach to another document or program and execute when that document or program is opened

    • Once a virus infects a computer, it performs two separate tasks

      • Replicates itself by spreading to other computers

      • Activates its malicious payload

    • Cause problems ranging from displaying an annoying message to erasing files from a hard drive or causing a computer to crash repeatedly

Infecting Malware (continued)

  • Types of computer viruses

    • File infector virus

    • Resident virus

    • Boot virus

    • Companion virus

    • Macro virus

  • Metamorphic viruses

    • Avoid detection by altering how they appear

  • Polymorphic viruses

    • Also encrypt their content differently each time

Infecting Malware (continued)

  • Worm

    • Program designed to take advantage of a vulnerability in an application or an operating system in order to enter a system

    • Worms are different from viruses in two regards:

      • A worm can travel by itself

      • A worm does not require any user action to begin its execution

    • Actions that worms have performed: deleting files on the computer; allowing the computer to be remote-controlled by an attacker

Concealing Malware

  • Trojan Horse (or just Trojan)

    • Program advertised as performing one activity but that actually does something else

    • Trojan horse programs are typically executable programs that contain hidden code that attacks the computer system

  • Rootkit

    • A set of software tools used by an intruder to break into a computer, obtain special privileges to perform unauthorized functions, and then hide all traces of its existence

Concealing Malware (continued)

  • Rootkit (continued)

    • The rootkit’s goal is to hide the presence of other types of malicious software

    • Rootkits function by replacing operating system commands with modified versions

      • That are specifically designed to ignore malicious activity so it can escape detection

    • Detecting a rootkit can be difficult

    • Removing a rootkit from an infected computer is extremely difficult

      • You need to reformat the hard drive and reinstall the operating system

Rootkit Analyzers
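A minimal cross-view check of the kind rootkit analyzers perform, added here as an illustration (it is not from the textbook or its slides): it lists the same directory through the readdir API and through the `ls` command, the sort of operating system command a user-mode rootkit replaces with a modified copy, and reports the entries on which the two views disagree. It assumes a Unix-like host with `ls` on the PATH and file names without newlines; the file names in the demo are constructed.

```python
import os
import subprocess
import tempfile


def api_listing(path: str) -> set[str]:
    """View 1: enumerate the directory through the readdir API (os.listdir)."""
    return set(os.listdir(path))


def tool_listing(path: str) -> set[str]:
    """View 2: enumerate the same directory through the system 'ls' binary, one of the
    commands a user-mode rootkit replaces with a modified copy. Assumes no newlines in names."""
    proc = subprocess.run(["ls", "-A1", "--", path], capture_output=True, text=True, check=True)
    return {line for line in proc.stdout.splitlines() if line}


def cross_view_diff(api_view: set[str], tool_view: set[str]) -> dict:
    """Diff the two views: entries the tool omits are 'hidden' (what a trojaned ls does);
    entries only the tool reports are 'phantom'. Any disagreement is worth investigating."""
    hidden = sorted(api_view - tool_view)
    phantom = sorted(tool_view - api_view)
    return {"hidden": hidden, "phantom": phantom, "suspicious": bool(hidden or phantom)}


def check_directory(path: str) -> dict:
    """Run both views against a real directory and report where they disagree."""
    return cross_view_diff(api_listing(path), tool_listing(path))


def demo_clean_directory() -> dict:
    """Create a temporary directory with constructed files and check it; on an untampered
    system both views agree and 'suspicious' is False."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("notes.txt", ".config", "report.pdf"):
            open(os.path.join(d, name), "w").close()
        return check_directory(d)


if __name__ == "__main__":
    print(demo_clean_directory())
    # Constructed views simulating a trojaned ls that drops a dotfile-named implant:
    print(cross_view_diff({"notes.txt", ".implant"}, {"notes.txt"}))
```

Cross-view comparison only catches tampering that affects one of the two paths: a kernel-mode rootkit that hooks the directory-listing system call deceives both views equally, which is why the slides describe detection as difficult and removal as a reformat and reinstall.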

Concealing Malware (continued)

  • Logic bomb

    • A computer program or a part of a program that lies dormant until it is triggered by a specific logical event

    • Once triggered, the program can perform any number of malicious activities

    • Logic bombs are extremely difficult to detect before they are triggered

  • Privilege escalation

    • Exploiting a vulnerability in software to gain access to resources that the user would normally be restricted from obtaining

Concealing Malware (continued)

  • Types of privilege escalation

    • When a user with a lower privilege uses privilege escalation to access functions reserved for higher privilege users

    • When a user with restricted privileges accesses the different restricted functions of a similar user

Malware for Profit

  • Spam

    • Unsolicited e-mail

    • Sending spam is a lucrative business

    • Costs involved for spamming:

      • E-mail addresses

      • Equipment and Internet connection

    • Text-based spam messages can easily be trapped by special filters

    • Image spam uses graphical images of text in order to circumvent text-based filters

Malware for Profit (continued)

  • Other techniques used by spammers include:

    • GIF layering

    • Word splitting

    • Geometric variance

Malware for Profit (continued)

  • Image spam cannot be easily filtered based on the content of the message

  • To detect image spam, one approach is to examine the context of the message and create a profile, asking questions such as:

    • Who sent the message?

    • What is known about the sender?

    • Where does the user go if she responds to this e-mail?

    • What is the nature of the message content?

    • How is the message technically constructed?
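As an added illustration (not from the textbook or its slides), a small Python profiler that asks those five questions of a message and counts how many context indicators fire. The two sample messages, the `KNOWN_SENDER_DOMAINS` allowlist standing in for sender reputation data, and the threshold of 3 are all constructed for this example.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed stand-in for sender reputation data ("what is known about the sender?").
KNOWN_SENDER_DOMAINS = {"example.com"}
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

# Constructed image-spam sample: an inline GIF is the only content, the visible text is empty,
# and Reply-To steers replies to a domain other than the one in From.
IMAGE_SPAM = """\
From: "Pharmacy Deals" <promo@example-deals.invalid>
Reply-To: orders@other-domain.invalid
Subject: Special offer
Content-Type: multipart/related; boundary="B1"

--B1
Content-Type: text/html; charset="us-ascii"

<html><body><img src="cid:offer"></body></html>
--B1
Content-Type: image/gif; name="offer.gif"
Content-ID: <offer>
Content-Transfer-Encoding: base64

R0lGODlhAQABAIAAAAAAAP///ywAAAAAAQABAAACAUwAOw==
--B1--
"""
# Constructed legitimate plain-text message for comparison.
LEGIT_MAIL = """\
From: "Alice Example" <alice@example.com>
Subject: Meeting notes
Content-Type: text/plain; charset="us-ascii"

Hi Bob, here are the notes from today's meeting: we ship the patch on Friday
and review the firewall rules next week. Thanks, Alice
"""

def profile_message(raw: str) -> dict:
    """Answer the slide's five context questions and count the indicators that fire."""
    msg = email.message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    sender_domain = sender.rpartition("@")[2]
    reply_to = parseaddr(str(msg.get("Reply-To", "")))[1].lower()
    reply_domain = reply_to.rpartition("@")[2] if reply_to else sender_domain
    text_words = image_parts = urls = 0
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype.startswith("image/"):
            image_parts += 1
        elif ctype in ("text/plain", "text/html"):
            body = part.get_content()
            if ctype == "text/html":
                body = re.sub(r"<[^>]+>", " ", body)  # keep only what a reader would see
            urls += len(URL_RE.findall(body))
            text_words += len(body.split())
    indicators = {
        "unknown_sender": sender_domain not in KNOWN_SENDER_DOMAINS,  # who sent it, what is known
        "reply_goes_elsewhere": reply_domain != sender_domain,         # where does a reply go
        "links_present": urls > 0,                                     # where does a click go
        "image_only_content": image_parts > 0 and text_words < 10,     # nature of the content
        "inline_image_layout": msg.get_content_type() == "multipart/related" and image_parts > 0,
    }
    return {"sender": sender, "reply_domain": reply_domain, "text_words": text_words,
            "image_parts": image_parts, "indicators": indicators, "score": sum(indicators.values())}

def is_image_spam(raw: str, threshold: int = 3) -> bool:
    return profile_message(raw)["score"] >= threshold
```

Each indicator is weak on its own (a newsletter may legitimately be an inline image); the point of the profile is that several independent context signals firing together is far harder for a spammer to avoid than any one text filter.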

Malware for Profit (continued)

  • Spyware

    • A general term used for describing software that imposes upon a user’s privacy or security

  • Antispyware Coalition defines spyware as:

    • Technologies that are deployed without the user’s consent and impair the user’s control over:

      • Use of their system resources, including what programs are installed on their computers

      • Collection, use, and distribution of their personal or other sensitive information

      • Material changes that affect their user experience, privacy, or system security

Malware for Profit (continued)

  • Spyware has two characteristics that make it very dangerous

    • Spyware creators are motivated by profit

      • Spyware is often more intrusive than viruses, harder to detect, and more difficult to remove

    • Spyware is not always easy to identify

  • Spyware is very widespread

  • Although attackers use several different spyware tools

    • The two most common are adware and keyloggers

Spyware Video

http://www.youtube.com/watch?v=aH-5kcx_J3A

Malware for Profit (continued)

  • Adware

    • A software program that delivers advertising content in a manner that is unexpected and unwanted by the user

  • Adware can be a security risk

    • Many adware programs perform a tracking function

      • Monitors and tracks a user’s activities

      • Sends a log of these activities to third parties without the user’s authorization or knowledge

Malware for Profit (continued)

  • Keylogger

    • A small hardware device or a program that monitors each keystroke a user types on the computer’s keyboard

    • As the user types, the keystrokes are collected and saved as text

  • As a hardware device, a keylogger is a small device inserted between the keyboard connector and computer keyboard port

Malware for Profit (continued)

  • Software keyloggers

    • Programs that silently capture all keystrokes, including passwords and sensitive information

    • Hide themselves so that they cannot be easily detected even if a user is searching for them

Malware for Profit (continued)

  • Botnets

    • When hundreds, thousands, or even tens of thousands of zombie computers are under the control of an attacker

  • Zombie

    • An infected computer with a program that will allow the attacker to remotely control it

  • Attackers use Internet Relay Chat (IRC) to remotely control the zombies

  • The attacker is known as a bot herder

10 Most Destructive Viruses

http://www.crn.com/security/190300322;jsessionid=3QXLZZJOA5GQ3QE1GHPCKHWATMY32JVN?pgno=3

  • CIH (Chernobyl) (1998) – 20 – 80 million dollars damage – file infector virus – Windows 95, 98, and ME executables. Overwrites the BIOS. Distributed in freeware games.

  • Melissa (1999) – 300 – 600 million dollars. Macro virus.

  • ILOVEYOU (2000) – 10 – 15 billion dollars. Worm. Visual Basic script. Similar to Melissa in execution. Also overwrote music and image files.

  • Code Red (2001) – 2.6 billion dollars. Worm. Exploited a hole in IIS (there was a patch for it that most folks hadn’t downloaded). Infected web servers and sites and then found other servers to infect. After 20 days, launched a DoS attack on McAfee and the White House.


10 Most Destructive Viruses (continued)

  • SQL Slammer (2003) – Worm. 500,000 servers worldwide; shut down South Korea’s online capacity for 12 hours. Spread by scanning randomly generated IP addresses for hosts running unpatched Microsoft SQL Server.

  • Blaster (2003) – 2 – 10 billion dollars. Worm. Exploited a vulnerability in Windows 2000 and Windows XP. Also had code that triggered a DoS attack on Windowsupdate.com.

  • Sobig (2003) – Worm. 5 – 10 billion dollars. Generated 1 million copies of itself in 24 hours. Created e-mail attachments like application.pif and thank_you.pif. When activated, sent itself out to e-mail addresses. Microsoft announced a 250K bounty for the writer, who has yet to be caught.

  • Bagle (2004) – Worm, spread by e-mail, with 60 – 100 variants when it infects a PC. Opens a backdoor on a TCP port that can be used by remote users to access data on the user’s infected PC.

10 Most Destructive Viruses (continued)

  • MyDoom (2004) – Worm. At its peak, slowed global Internet performance by 10 percent and Web load times by up to 50 percent. Transmitted via e-mail addresses in the address book. Security experts have speculated that one in every 10 e-mail messages sent during the first hours of infection contained the virus.

  • Sasser (2004) – Worm. Tens of millions of dollars. Sasser was not transmitted via e-mail and required no user interaction to spread. Caused systems to crash. Written by a 17-year-old German high school student.

Hardware-Based Attacks

  • Hardware that often is the target of attacks includes the BIOS, USB devices, network attached storage, and even cell phones

BIOS

  • Basic Input/Output System (BIOS)

    • A coded program embedded on the processor chip that recognizes and controls different devices on the computer system

    • Executed when the computer system is first turned on and provides low-level access to the hard disk, video, and keyboard

  • On older computer systems the BIOS was a Read Only Memory (ROM) chip

    • Today’s computer systems have a PROM (Programmable Read Only Memory) chip

BIOS (continued)

  • Because it can be flashed, the BIOS can be the object of attacks

    • One virus overwrites the contents of the BIOS and the first part of the hard disk drive, rendering the computer completely dead

    • An attacker could infect a computer with a virus and then flash the BIOS to install a rootkit on the BIOS

USB Devices

  • USB devices use flash memory

    • Flash memory is a type of EEPROM, nonvolatile computer memory that can be electrically erased and rewritten repeatedly

  • USB devices are widely used to spread malware

  • Also, USB devices allow spies or disgruntled employees to copy and steal sensitive corporate data

  • In addition, data stored on USB devices can be lost or fall into the wrong hands

USB Devices (continued)

  • To reduce the risk introduced by USB devices:

    • Disable the USB in hardware

    • Disable the USB through the operating system

    • Use third-party software

Disabling USB in Registry


Network Attached Storage (NAS)

  • Storage Area Network (SAN)

    • Specialized high-speed network for attaching servers to storage devices

    • SAN can be shared between servers and can be local or extended over geographical distances

  • Network Attached Storage (NAS)

    • Another type of network storage

    • Single, dedicated hard disk-based file storage device that provides centralized and consolidated disk storage available to LAN users through a standard network connection

Network Attached Storage (NAS) (continued)

  • Advantages to using NAS devices on a network

    • Offer the ability to easily expand storage requirements

    • Allow for the consolidation of storage

  • The operating system on NAS devices can be either a standard operating system, a proprietary operating system, or a “stripped-down” operating system with many of the standard features omitted

  • NAS security is implemented through the standard operating system security features

Cell Phones

  • Cellular telephones (cell phones)

    • Portable communication devices that function in a manner that is unlike wired telephones

  • Two keys to cellular telephone networks

    • Coverage area is divided into smaller individual sections called cells

    • All of the transmitters and cell phones operate at a low power level

Cell Phones (continued)

  • Almost all cell phones today have the ability to send and receive text messages and connect to the Internet

  • Types of attacks

    • Lure users to malicious Web sites

    • Infect a cell phone

    • Launch attacks on other cell phones

    • Access account information

    • Abuse the cell phone service

Attacks on Virtualized Systems

  • Just as attacks can be software-based or hardware-based, attacks can also target software that is emulating hardware

  • This type of software, known as virtualization, is becoming one of the prime targets of attackers

What Is Virtualization?

  • Virtualization

    • A means of managing and presenting computer resources by function without regard to their physical layout or location

  • Operating system virtualization

    • A virtual machine is simulated as a self-contained software environment by the host system but appears as a guest system

  • Server virtualization

    • Creating and managing multiple server operating systems

What Is Virtualization? (continued)

  • One of the factors driving the adoption of virtualization is the cost of energy

  • Operating system virtualization is playing an increasingly important role in security

    • Has allowed increased flexibility in launching attacks

    • Is also being used to make systems more secure

Attacks on Virtual Systems

  • Virtualization provides the ability to run multiple virtual computers on one physical computer

  • Virtualization can also be beneficial in providing uninterrupted server access to users

    • By means of live migration and load balancing

Attacks on Virtual Systems (continued)

  • Security for virtualized environments can be a concern for two reasons

    • Existing security tools were designed for single physical servers and do not always adapt well to multiple virtual machines

    • Virtual machines not only need to be protected from the outside world, but they also need to be protected from other virtual machines on the same physical computer

Attacks on Virtual Systems (continued)

  • Hypervisor

    • Software that runs on a physical computer and manages one or more virtual machine operating systems

    • Can contain security code that would allow the hypervisor to provide security by default to all virtual machines

  • Another option is for security software to function as a separate program that is “plugged in” to the hypervisor

Attacks on Virtual Systems (continued)

  • Another approach is running security software, such as a firewall and intrusion detection system

    • As a specialized security virtual machine on the physical machine

Summary

  • Malicious software (malware) is software that enters a computer system without the owner’s knowledge or consent

  • Infecting malware includes computer viruses and worms

  • Ways to conceal malware include Trojan horses (Trojans), rootkits, logic bombs, and privilege escalation

  • Malware with a profit motive includes spam, spyware, and botnets

Summary (continued)

  • Hardware is also the target of attackers. Frequent hardware targets include the BIOS, USB storage devices, Network Attached Storage (NAS) devices, and cell phones

  • Virtualization is a means of managing and presenting computer resources by function without regard to their physical layout or location
