Computer Viruses and Related Threats : A Management Guide
PowerPoint presentation, uploaded by Sophia (37 slides)

Presentation Transcript
Structure of Presentation
  • Computer Viruses: What are they like?
  • Why are Virus Incidents on the Rise?
  • Major Malicious Software
    • Trojan Horses, Viruses, and Network Worms.
  • Weaknesses Viruses Exploit.
  • Virus Prevention Program.
Computer Viruses: What are they like?
  • A virus copies itself to other files (e.g., programs), infecting them.
  • It executes the instructions that its author has included in it.
  • Depending on the author's motives, the infected program can:
    • immediately damage system software, data and other files, or
    • wait until a certain event has occurred, or a particular date and time has been reached, before launching any damage.
Related Threats with Viruses
  • Apart from viruses, other destructive programs include:
    • Trojan horses and network worms.
  • These destructive programs are collectively called "malicious software", or malware.
  • They are often written to masquerade as useful programs.
Why are Virus Incidents on the Rise?
  • Computer users (some of whom are also intruders) have become increasingly proficient and sophisticated.
  • Software applications are increasingly complex and large, making their bugs and security holes harder to detect.
  • Effective security mechanisms, e.g., security testing, are lacking.
  • Some authors want to gain a (bad) reputation.
Major Malicious Software
  • Malicious software:
    • Trojan horses
    • Computer viruses
    • Network worms
Trojan Horses
  • A program which appears to be a useful program but, when invoked, performs some unwanted functions.
  • A Trojan horse author usually:
    • gains access to the source code of a useful program that is attractive to other users, and
    • adds malicious code so that the program performs some hidden actions.
Trojan Horse Calculator
  • When a user invokes the program, it appears to be performing calculations.
  • It may then quietly perform something else, such as deleting the user's files or other harmful actions.
Trojan Horses with File Permission Modification
  • A malicious user of a multi-user system who wants to gain access to other users' files:
    • creates a Trojan horse program to circumvent the normal file permission mechanism,
    • names the program so that other users will think it is a useful utility,
    • induces (social-engineers) users to download it and perhaps put it in a common directory;
    • when invoked, the Trojan program changes the victim's file permissions so that the files are readable by any user, and
    • the author can then access those files, such as work or personal information.
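As an added example (not part of the original presentation), the scenario on this slide in Python: a tiny word-count utility that really does its job, the Trojan horse version of it that also opens the caller's files to everyone, and the audit a user or administrator can run afterwards. The utility, the file names and the scratch directory are constructed for the illustration, and it assumes POSIX permission bits.

```python
import stat
import tempfile
from pathlib import Path
from typing import Dict, List


def word_count(path: Path) -> int:
    """The advertised, genuinely useful function: count the words in a file."""
    return len(path.read_text().split())


def trojan_word_count(path: Path) -> int:
    """The Trojan horse version: it does the advertised job, then silently makes every
    file in the caller's directory readable by group and others (POSIX mode bits).
    Nothing is printed, so the victim notices nothing."""
    result = word_count(path)
    for entry in path.parent.iterdir():
        if entry.is_file():
            mode = stat.S_IMODE(entry.stat().st_mode)
            entry.chmod(mode | stat.S_IRGRP | stat.S_IROTH)
    return result


def world_readable_files(directory: Path) -> List[str]:
    """The check a user or administrator can run: list files readable by 'others'."""
    return sorted(
        p.name for p in directory.iterdir()
        if p.is_file() and p.stat().st_mode & stat.S_IROTH
    )


def demo() -> Dict[str, object]:
    """Run the scenario in a scratch directory (constructed for the illustration)
    and report the permission state before and after the Trojan is invoked."""
    with tempfile.TemporaryDirectory() as tmp:
        home = Path(tmp)
        for name in ("salary.txt", "notes.txt"):
            victim_file = home / name
            victim_file.write_text("private data " * 3)
            victim_file.chmod(0o600)  # owner read/write only: private
        before = world_readable_files(home)
        words = trojan_word_count(home / "notes.txt")  # the victim only wanted a word count
        after = world_readable_files(home)
        return {"words": words, "before": before, "after": after}


if __name__ == "__main__":
    print(demo())
```

The victim gets the correct word count back and has no reason to suspect anything; only a permission audit of the home directory (or a monitoring tool that logs chmod calls) reveals that both files are now world-readable.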
Trojan Horse Compilers
  • A Trojan horse compiler inserts additional code into programs as they are being compiled.
  • The source code owner cannot see or detect the problem by reading the source, because it is the compiler that inserts the bad code, and it does so only at compile time.
    • The compiled program then contains a "trap door" (back door) which allows the Trojan horse's author to get into the system.
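A toy illustration of a Trojan horse compiler, added here and not from the original presentation: the "compiler" is Python's own compile() wrapped in a translator that, whenever it sees the login check being compiled, splices in a master password. The login source, the check_password function and the master password "open-sesame" are all assumed for the example. Because the source text is never changed, reading it reveals nothing; the defensive idea shown (compiling the same source with two independent compilers and comparing the artefacts) is a simplified form of diverse double-compiling.

```python
import marshal
import re
import types

# Constructed sample: the application source exactly as its owner reads it. It contains no back door.
LOGIN_SOURCE = '''
PASSWORDS = {"alice": "correct horse battery staple"}

def check_password(user, password):
    return PASSWORDS.get(user) == password
'''

BACKDOOR_PASSWORD = "open-sesame"  # assumed master password known only to the compiler's author


def compile_honest(source: str) -> types.CodeType:
    """A faithful compiler: translates exactly what the source says."""
    return compile(source, "<login>", "exec")


def compile_trojaned(source: str) -> types.CodeType:
    """A Trojan horse compiler: when it recognises the login check being compiled, it inserts
    a master-password branch. Only the compiled artefact carries it; the source on disk is untouched."""
    hook = re.compile(r"(def check_password\(user, password\):\n)")
    backdoor = f'    if password == "{BACKDOOR_PASSWORD}":\n        return True\n'
    patched = hook.sub(lambda m: m.group(1) + backdoor, source)
    return compile(patched, "<login>", "exec")


def load_check_password(code: types.CodeType):
    """Execute a compiled module and hand back its check_password function."""
    namespace = {}
    exec(code, namespace)
    return namespace["check_password"]


def binaries_differ(source: str) -> bool:
    """Detection idea: build the same source with two independent compilers and compare
    the produced artefacts byte for byte. A clean toolchain pair yields identical output."""
    return marshal.dumps(compile_honest(source)) != marshal.dumps(compile_trojaned(source))


if __name__ == "__main__":
    honest = load_check_password(compile_honest(LOGIN_SOURCE))
    trojaned = load_check_password(compile_trojaned(LOGIN_SOURCE))
    print("source mentions back door:", BACKDOOR_PASSWORD in LOGIN_SOURCE)
    print("honest build accepts back door:", honest("alice", BACKDOOR_PASSWORD))
    print("trojaned build accepts back door:", trojaned("alice", BACKDOOR_PASSWORD))
    print("artefacts differ:", binaries_differ(LOGIN_SOURCE))
```

Reviewing the source, or even hashing it, proves nothing here: the trojaned build still accepts every legitimate password, so it passes ordinary functional testing, and the only observable difference is in the compiled artefact.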
How Trojans are Introduced to Your System
  • They are planted by an unauthorised user in public software repositories that many people can access, e.g., on PC file servers, FTP servers, Web servers, etc.
    • Unsuspecting users then copy and run them.
  • Or they are planted by an authorised user, such as one who is assigned to maintain compilers and software tools.
Computer Viruses
  • A virus is a type of computer program designed to spread itself from one file to other files.
  • A virus generally cannot spread from one machine to another by itself; usually the user acts as the carrier that brings the virus from one machine to another, e.g., by:
    • sending e-mail with an attached document or file that contains a virus,
    • copying an infected file onto a file server,
    • exchanging files on floppy diskettes.
  • When another user receives and uses the file or disk, the virus spreads within that machine, and the cycle continues.
3 Characteristics of Viruses
  • A virus exhibits 3 characteristics:
    • A replication mechanism (copy to another file)
    • An activation mechanism (perhaps use a time bomb or a logic bomb to activate a virus to do bad things)
    • A malicious objective (planned by the virus’s author)
Network Worms
  • Use network connections to spread from system to system.
    • Network worms attack other systems that are linked via communication lines.
  • When active, worms can behave like viruses; that is, they have the ability to infect other connected systems.
How Worms Spread
  • Worms use the following facilities to spread:
    • An email program, with which a worm can mail a copy of itself to other users (systems).
    • A remote login capability, i.e., a worm can log into a remote system to copy itself from the current system to the remote system.
    • A remote execution capability, i.e., a worm can execute itself on a remote system.
Replication Mechanism
  • Search for other remote systems to infect: examine the current system's host tables or similar repositories for remote system addresses.
  • Make a connection: establish a connection to the remote system, probably by logging in as a user, using an email program, or performing remote execution.
  • Spread and run: copy itself to the remote system and cause the copy on the remote system to run.
Other Ways to Get into the Remote System
  • Password cracking, by which the worm attempts to log into a remote system using user names, or words from an on-line dictionary, as passwords.
  • A trap door (planted by someone) which allows the worm to send commands to the remote system's command interpreter. The commands are then executed on the remote system.
  • Bugs in network-related programs which allow the worm to access the remote system's command interpreter.
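The replication mechanism and the password-cracking entry method above, as an added Python simulation that is not part of the original presentation. It models a small network of five hosts, each with a host table and a credential store, and a worm that walks the host tables, guesses each account's password from a short dictionary and copies itself wherever a guess succeeds. The host names, accounts, passwords and dictionary are constructed for the example; nothing touches a real network.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Host:
    name: str
    accounts: Dict[str, str]   # user name -> password (simulated credential store)
    host_table: List[str]      # names of other systems this host knows about
    infected: bool = False


# Constructed sample data: a short "on-line dictionary" and a five-node network.
# Weak accounts use dictionary words; strong ones use made-up random strings.
DICTIONARY = ["password", "123456", "welcome", "letmein", "qwerty"]


def build_network() -> Dict[str, Host]:
    return {
        "gateway":    Host("gateway",    {"root": "Tr0ub4dor&3-x7"},                    ["mail", "fileserver"]),
        "mail":       Host("mail",       {"postmaster": "welcome"},                     ["gateway", "lab1", "lab2"]),
        "fileserver": Host("fileserver", {"admin": "letmein", "backup": "9f#Kq2!vLm"}, ["gateway"]),
        "lab1":       Host("lab1",       {"student": "qwerty"},                         ["mail", "lab2"]),
        "lab2":       Host("lab2",       {"student": "K7$pz@wQ1!e"},                    ["mail", "lab1"]),
    }


def try_login(host: Host, user: str, password: str) -> bool:
    """Simulated remote login: succeeds only with the correct credential."""
    return host.accounts.get(user) == password


def crack(host: Host) -> Optional[Tuple[str, str]]:
    """Password cracking: try every account on the host with each dictionary word."""
    for user in host.accounts:
        for word in DICTIONARY:
            if try_login(host, user, word):
                return user, word
    return None


def worm(network: Dict[str, Host], start: str) -> List[Tuple[str, str, str]]:
    """The three-step replication mechanism, run until no further host can be reached.
    Returns the propagation log as (from_host, to_host, cracked_account) tuples."""
    network[start].infected = True
    queue = [start]
    log: List[Tuple[str, str, str]] = []
    while queue:
        current = queue.pop(0)
        for target_name in network[current].host_table:   # 1. search the host table
            target = network[target_name]
            if target.infected:
                continue
            credential = crack(target)                       # 2. make a connection (crack a login)
            if credential is None:
                continue                                     # no guessable account: dead end
            target.infected = True                           # 3. copy itself across and run
            queue.append(target_name)
            log.append((current, target_name, credential[0]))
    return log


def infected_hosts(network: Dict[str, Host]) -> List[str]:
    return sorted(h.name for h in network.values() if h.infected)


if __name__ == "__main__":
    net = build_network()
    for hop in worm(net, "mail"):
        print("%s -> %s via account '%s'" % hop)
    print("infected:", infected_hosts(net))
```

Started on the mail host, the worm reaches only lab1: the gateway's root password is not in the dictionary, so the file server behind it survives even though its admin account uses "letmein". Started on the gateway itself, four of the five hosts fall. The single uncrackable account on the path is what contains the outbreak, which is the point of the "easily guessed passwords" weakness later in the deck.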
Activation Mechanism and Objective
  • Activation may use a time bomb or logic bomb to activate itself to do bad things.
  • Its objective depends on whatever the worm’s author has designed:
    • delete files,
    • cause disruption to the infected system,
    • or even plant Trojan horses/viruses.
A Trojan Horse Worm
  • This worm displayed a Christmas tree and a message of good cheer.
    • When executed, the Trojan worm examined network address files for other connected systems.
    • The worm then mailed itself to those systems.
    • Upon receiving the message, the recipient was invited (social-engineered) to run the Christmas tree program.
    • The worm took no destructive action, apart from disrupting communication and consuming network bandwidth.

Virus-Related Threats
  • Variants of Trojan horses, viruses and worms continue to be endless, e.g.:
    • A rabbit, whose objective is to spread wildly within or among systems and disrupt network traffic.
    • A bacterium, whose objective is to replicate within a system and eat up processor time until computer throughput (data-processing performance) is extremely degraded.
Weaknesses Viruses Use
  • Lack of user awareness - e.g., users copy and share infected software, and fail to detect signs of virus activity.
  • Social engineering - users are fooled into trusting the emails they receive.
  • Absence or inadequacy of technical controls - e.g., lack of anti-virus software.
  • Ineffective use of technical controls - e.g.,
    • using easily guessed passwords,
    • failing to use appropriate access controls (shared files with no password),
    • granting users far more access to resources than necessary.
Weaknesses Viruses Use
  • Software bugs - allow viruses to spread and break into other systems.
  • Unauthorised use - allows unauthorised users to use your system.
    • Unauthorised users can be a malicious person who wants to attack your system by spreading viruses, or
    • good/authorised users who do things unwittingly, e.g., copy infected files into your system.
  • Susceptibility to network misuse - a network that allows anonymous access (e.g., via FTP) lets intruders upload viruses to the system.
Effective Virus Prevention Program
  • Because of the weaknesses above, one needs an effective virus prevention program, which must address:
    • restricting system access to authorised users only,
    • ensuring that software and hardware are regularly monitored and maintained,
    • backing up regularly, and
    • having a contingency plan for when a virus incident occurs.

What Does the Program Do?
  • It aims to deter attacks by viruses and related threats,
  • to detect them when they occur,
  • to contain (control/halt) the attack, so as to limit the damage, and
  • to recover in a reasonable amount of time with no, or minimal, loss of data.

Program Focuses
  • In a virus prevention program, attention needs to be focused on the following areas:
    • security policies and procedures,
    • user education,
    • software management,
    • technical controls,
    • system monitoring, and
    • a contingency plan.
What Should User Education Address?
  • How malicious software operates:
    • the methods by which it is planted and spread, and
    • the vulnerabilities exploited by malicious software and unauthorised users,
  • How to apply security policies and procedures, e.g., for backup, storage, and the use of public-domain software and shareware,
  • How to use technical controls - e.g., anti-virus software, file access control,
  • How to monitor their systems and detect signs of abnormal activity, and
  • Contingency procedures to recover from virus incidents.

Software Management
  • To prevent users from potentially spreading malicious software, the program needs to:
    • ensure that users understand the nature of malicious software, how it is spread, and what technical controls can be used to protect their systems,
    • have policies for downloading and using public-domain and shareware software,
    • have a mechanism for validating/checking such software before use, and
    • minimise the exchange of executable software within and between organisations.
Software Management
  • do not create software repositories on LAN servers unless technical controls exist to prevent users from freely uploading or downloading software from them -- otherwise there is a very high risk of viruses spreading throughout the network,
  • purchase software only from reputable sources (vendors),
  • maintain software properly and update it as necessary, and apply any new security patches,
  • do not use pirated software, as it may have been modified into a Trojan horse,
Software Management
  • ensure that software vendors can be quickly contacted if any software problem takes place,
  • store the original software distribution in a secure location for restoration -- in case the in-operation version has been infected by a virus, and
  • test any new, upgraded or company-developed software on an isolated system. That system should:
    • be configured so that there is no risk of a virus spreading to other parts of the organisation,
    • not be used by anyone except authorised users,
    • not be connected to the internal network, and
    • not contain any valuable data.

Technical Controls
  • Technical controls are used to protect the security and integrity of systems and their associated data.
  • Technical controls can help deter virus incidents, or make them more difficult to occur, e.g.,
    • authentication mechanisms, e.g., the use of passwords on shared files and directories,
    • write-protection mechanisms on tapes and diskettes.
Technical Controls
  • Technical controls should be used to restrict system access to authorised users only,
  • Technical controls should be used to limit user privileges to the minimum practical level,
  • Users and managers must be educated as to which controls to use, as well as how and when to use them,
  • When they are not strong enough, they should be supplemented with physical controls or other add-on controls.
Technical Controls with Data
  • Classify the data into categories, e.g.,
    • highly sensitive,
    • sensitive,
    • medium,
    • low, and
    • public.
  • Apply technical controls appropriate to each data category. Sensitive data normally requires more protection than low-priority data.
System Monitoring
  • The reasons we need monitoring are:
    • Expensive damage: viruses can cause expensive damage within a very short time, minutes or seconds.
      • By properly monitoring software, system and user activities, managers can detect early signs of viruses and other unauthorised activities.
    • Applying contingency procedures: managers can then apply the appropriate contingency procedures to halt the malicious activity and recover from whatever damage has been caused.
    • Security improvement: monitoring indicates whether or not the security policies, procedures and controls currently in place are as effective as planned.
System Monitoring: What to Do
  • user education - users must know what their computing environment is like, what constitutes normal and abnormal system activity, and whom to contact when malicious access occurs.
  • system access monitoring tools - tools that automate the logging of access to accounts, files, etc.
  • anti-virus tools - tools that alert users to malicious types of access.
System Monitoring: What to Do
  • system-integrity tools - tools that automatically check files for changes in size, date or content.
  • network monitoring tools - tools that record network access, or even attempted access.
  • periodic review of monitoring statistics/logs - the statistics/logs reveal where the current virus prevention program needs changing and help fine-tune it to make it more effective.
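A minimal system-integrity tool of the kind the slide describes, added as an example and not from the original presentation: it baselines a directory tree by size, date and SHA-256 content hash, then reports files that were modified, added or removed. The sample tree and the simulated infection are constructed for the illustration; the infection deliberately keeps the program's size and timestamp unchanged, which is why a size/date-only check is not enough.

```python
import hashlib
import os
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

Fingerprint = Tuple[int, int, str]  # (size in bytes, mtime in whole seconds, SHA-256 of content)


def fingerprint(path: Path) -> Fingerprint:
    """Record the three things the slide names: size, date and content (as a hash)."""
    st = path.stat()
    return (st.st_size, int(st.st_mtime), hashlib.sha256(path.read_bytes()).hexdigest())


def baseline(root: Path) -> Dict[str, Fingerprint]:
    """Snapshot every regular file under root, keyed by its relative POSIX path.
    In practice the snapshot must live where a virus cannot rewrite it (read-only media or off-host)."""
    return {p.relative_to(root).as_posix(): fingerprint(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify(root: Path, snapshot: Dict[str, Fingerprint]) -> Dict[str, List[str]]:
    """Compare the current tree against the snapshot. 'stealthy' lists files whose content
    changed while size and date stayed the same, which a size/date-only check would miss."""
    current = baseline(root)
    report: Dict[str, List[str]] = {"modified": [], "stealthy": [], "added": [], "removed": []}
    for name, now in current.items():
        if name not in snapshot:
            report["added"].append(name)
            continue
        old = snapshot[name]
        if now[2] != old[2]:
            report["modified"].append(name)
            if now[0] == old[0] and now[1] == old[1]:
                report["stealthy"].append(name)
    report["removed"] = [name for name in snapshot if name not in current]
    return report


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: baseline a small tree, then simulate an infection that overwrites
    a program with same-length code and restores its timestamp, drops a new file and deletes
    a configuration file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        program = root / "bin" / "calc"
        program.write_bytes(b"ORIGINAL PROGRAM CODE")
        (root / "etc.conf").write_text("debug=off\n")
        snapshot = baseline(root)

        original_stat = program.stat()
        program.write_bytes(b"INFECTED PROGRAM CODE")  # same length as the original
        os.utime(program, (original_stat.st_atime, original_stat.st_mtime))  # forge the date back
        (root / "bin" / "dropper").write_bytes(b"\x90" * 8)
        (root / "etc.conf").unlink()
        return verify(root, snapshot)


if __name__ == "__main__":
    print(demo())
```

Run periodically (and always before restoring from a backup), this is the check that tells you whether the "original" copies you are about to restore are still original; the content hash is what catches an infection that a directory listing would not show.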
Contingency Plan: What to Do
  • The purpose is to halt, and recover from, any attack that has already occurred.
    • The most important planning involves the use of backups. The organisation should maintain regular, frequent backups of all important data, software, configuration files, command files, etc.
    • Software should be restored only from its original copies/distribution, so as to be free of virus contamination.
Contingency Plan: What to Do
  • Restored configuration/command files should be inspected to ensure that they have not been damaged or modified, perhaps by unauthorised people or viruses.
  • Critical systems must be isolated from the rest of the network and from other potential sources of virus infection.
  • A group of skilled users must be formed to deal with virus incidents, and it must be ensured that they can be quickly contacted whenever an attack occurs.
  • Maintain and distribute the telephone numbers of security managers, the staff involved, and management, to be contacted whenever an attack occurs.