Download Security+ Guide to Network Security Fundamentals, Third Edition

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
page
36
page
37
page
38
page
39
page
40
page
41
page
42
page
43
page
44
page
45
page
46
page
47
page
48
page
49
page
50
page
51
page
52
Document related concepts

Next-Generation Secure Computing Base wikipedia , lookup

Information security wikipedia , lookup

Post-quantum cryptography wikipedia , lookup

Cyberwarfare wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Cyberattack wikipedia , lookup

Microsoft Security Essentials wikipedia , lookup

Airport security wikipedia , lookup

Unix security wikipedia , lookup

Computer and network surveillance wikipedia , lookup

Distributed firewall wikipedia , lookup

Wireless security wikipedia , lookup

Cyber-security regulation wikipedia , lookup

Hacker wikipedia , lookup

Malware wikipedia , lookup

Security-focused operating system wikipedia , lookup

Computer security wikipedia , lookup

Mobile security wikipedia , lookup

Cybercrime countermeasures wikipedia , lookup

Transcript 
Security+ Guide to Network
Security Fundamentals, Third
Edition
Chapter 2
Systems Threats and Risks
Objectives
• Describe the different types of software-based
attacks
• List types of hardware attacks
• Define virtualization and explain how attackers are
targeting virtual systems
Security+ Guide to Network Security Fundamentals, Third Edition
2
Software-Based Attacks
• Malicious software, or malware
– Software that enters a computer system without the
owner’s knowledge or consent
– Malware is a general term that refers to a wide variety
of damaging or annoying software
• The three primary objectives of malware
– To infect a computer system
– Conceal the malware’s malicious actions
– Bring profit from the actions that it performs
Security+ Guide to Network Security Fundamentals, Third Edition
3
Infecting Malware
• Viruses
– Programs that secretly attach to another document or
program and execute when that document or program
is opened
– Once a virus infects a computer, it performs two
separate tasks
• Replicates itself by spreading to other computers
• Activates its malicious payload
– Cause problems ranging from displaying an annoying
message to erasing files from a hard drive or causing
a computer to crash repeatedly
Security+ Guide to Network Security Fundamentals, Third Edition
4
Infecting Malware (continued)
Security+ Guide to Network Security Fundamentals, Third Edition
5
Infecting Malware (continued)
• Types of computer viruses
–
–
–
–
–
File infector virus
Resident virus
Boot virus
Companion virus
Macro virus
• Metamorphic viruses
– Avoid detection by altering how they appear
• Polymorphic viruses
– Also encrypt their content differently each time
Security+ Guide to Network Security Fundamentals, Third Edition
6
Infecting Malware (continued)
• Worm
– Program designed to take advantage of a vulnerability
in an application or an operating system in order to
enter a system
– Worms are different from viruses in two regards:
• A worm can travel by itself
• A worm does not require any user action to begin its
execution
– Actions that worms have performed: deleting files on
the computer; allowing the computer to be remotecontrolled by an attacker
Security+ Guide to Network Security Fundamentals, Third Edition
7
Concealing Malware
• Trojan Horse (or just Trojan)
– Program advertised as performing one activity that but
actually does something else
– Trojan horse programs are typically executable
programs that contain hidden code that attack the
computer system
• Rootkit
– A set of software tools used by an intruder to break
into a computer, obtain special privileges to perform
unauthorized functions, and then hide all traces of its
existence
Security+ Guide to Network Security Fundamentals, Third Edition
8
Concealing Malware (continued)
• Rootkit (continued)
– The rootkit’s goal is to hide the presence of other
types of malicious software
– Rootkits function by replacing operating system
commands with modified versions
• That are specifically designed to ignore malicious
activity so it can escape detection
– Detecting a rootkit can be difficult
– Removing a rootkit from an infected computer is
extremely difficult
• You need to reformat the hard drive and reinstall the
operating system
Security+ Guide to Network Security Fundamentals, Third Edition
9
Concealing Malware (continued)
• Logic bomb
– A computer program or a part of a program that lies
dormant until it is triggered by a specific logical event
– Once triggered, the program can perform any number
of malicious activities
– Logic bombs are extremely difficult to detect before
they are triggered
• Privilege escalation
– Exploiting a vulnerability in software to gain access to
resources that the user would normally be restricted
from obtaining
Security+ Guide to Network Security Fundamentals, Third Edition
10
Security+ Guide to Network Security Fundamentals, Third Edition
11
Concealing Malware (continued)
• Types of privilege escalation
– When a user with a lower privilege uses privilege
escalation to access functions reserved for higher
privilege users
– When a user with restricted privileges accesses the
different restricted functions of a similar user
Security+ Guide to Network Security Fundamentals, Third Edition
12
Malware for Profit
• Spam
– Unsolicited e-mail
– Sending spam is a lucrative business
– Costs involved for spamming:
• E-mail addresses
• Equipment and Internet connection
– Text-based spam messages can easily by trapped by
special filters
– Image spam uses graphical images of text in order to
circumvent text-based filters
Security+ Guide to Network Security Fundamentals, Third Edition
13
Security+ Guide to Network Security Fundamentals, Third Edition
14
Malware for Profit (continued)
• Other techniques used by spammers include:
– GIF layering
– Word splitting
– Geometric variance
Security+ Guide to Network Security Fundamentals, Third Edition
15
Security+ Guide to Network Security Fundamentals, Third Edition
16
Malware for Profit (continued)
Security+ Guide to Network Security Fundamentals, Third Edition
17
Security+ Guide to Network Security Fundamentals, Third Edition
18
Malware for Profit (continued)
• Image spam cannot be easily filtered based on the
content of the message
• To detect image spam, one approach is to examine
the context of the message and create a profile,
asking questions such as:
– Who sent the message?
– What is known about the sender?
– Where does the user go if she responds to this email?
– What is the nature of the message content?
– How is the message technically constructed?
Security+ Guide to Network Security Fundamentals, Third Edition
19
Malware for Profit (continued)
• Spyware
– A general term used for describing software that
imposes upon a user’s privacy or security
• Antispyware Coalition defines spyware as:
– Technologies that are deployed without the user’s
consent and impair the user’s control over:
• Use of their system resources, including what programs
are installed on their computers
• Collection, use, and distribution of their personal or
other sensitive information
• Material changes that affect their user experience,
privacy, or system security
Security+ Guide to Network Security Fundamentals, Third Edition
20
Malware for Profit (continued)
• Spyware has two characteristics that make it very
dangerous
– Spyware creators are motivated by profit
• Spyware is often more intrusive than viruses, harder
to detect, and more difficult to remove
– Spyware is not always easy to identify
• Spyware is very widespread
• Although attackers use several different spyware
tools
– The two most common are adware and keyloggers
Security+ Guide to Network Security Fundamentals
21
Malware for Profit (continued)
Security+ Guide to Network Security Fundamentals, Third Edition
22
Malware for Profit (continued)
• Adware
– A software program that delivers advertising content
in a manner that is unexpected and unwanted by the
user
• Adware can be a security risk
– Many adware programs perform a tracking function
• Monitors and tracks a user’s activities
• Sends a log of these activities to third parties without
the user’s authorization or knowledge
Security+ Guide to Network Security Fundamentals, Third Edition
23
Malware for Profit (continued)
• Keylogger
– A small hardware device or a program that monitors
each keystroke a user types on the computer’s
keyboard
– As the user types, the keystrokes are collected and
saved as text
• As a hardware device, a keylogger is a small device
inserted between the keyboard connector and
computer keyboard port
Security+ Guide to Network Security Fundamentals, Third Edition
24
Malware for Profit (continued)
Security+ Guide to Network Security Fundamentals, Third Edition
25
Malware for Profit (continued)
• Software keyloggers
– Programs that silently capture all keystrokes,
including passwords and sensitive information
– Hide themselves so that they cannot be easily
detected even if a user is searching for them
Security+ Guide to Network Security Fundamentals, Third Edition
26
Malware for Profit (continued)
Security+ Guide to Network Security Fundamentals, Third Edition
27
Malware for Profit (continued)
• Botnets
– When hundreds, thousands, or even tens of
thousands of zombie computers are under the control
of an attacker
• Zombie
– An infected computer with a program that will allow
the attacker to remotely control it
• Attackers use Internet Relay Chat (IRC) to
remotely control the zombies
• Attacker is knows as a bot herder
Security+ Guide to Network Security Fundamentals, Third Edition
28
Malware for Profit (continued)
Security+ Guide to Network Security Fundamentals, Third Edition
29
Hardware-Based Attacks
• Hardware that often is the target of attacks includes
the BIOS, USB devices, network attached storage,
and even cell phones
Security+ Guide to Network Security Fundamentals, Third Edition
30
BIOS
• Basic Input/Output System (BIOS)
– A coded program embedded on the processor chip
that recognizes and controls different devices on the
computer system
– Executed when the computer system is first turned on
and provides low-level access to the hard disk, video,
and keyboard
• On older computer systems the BIOS was a Read
Only Memory (ROM) chip
– Today’s computer systems have a PROM
(Programmable Read Only Memory) chip
Security+ Guide to Network Security Fundamentals, Third Edition
31
BIOS (continued)
• Because it can be flashed, the BIOS can be the
object of attacks
– One virus overwrites the contents of the BIOS and the
first part of the hard disk drive, rendering the
computer completely dead
– An attacker could infect a computer with a virus and
then flash the BIOS to install a rootkit on the BIOS
Security+ Guide to Network Security Fundamentals, Third Edition
32
USB Devices
• USB devices use flash memory
– Flash memory is a type of EEPROM, nonvolatile
computer memory that can be electrically erased and
rewritten repeatedly
• USB devices are widely used to spread malware
• Also, USB devices allow spies or disgruntled
employees to copy and steal sensitive corporate
data
• In addition, data stored on USB devices can be lost
or fall into the wrong hands
Security+ Guide to Network Security Fundamentals, Third Edition
33
USB Devices (continued)
• To reduce the risk introduced by USB devices:
– Disable the USB in hardware
– Disable the USB through the operating system
– Use third-party software
Security+ Guide to Network Security Fundamentals, Third Edition
34
Network Attached Storage (NAS)
• Storage Area Network (SAN)
– Specialized high-speed network for attaching servers
to storage devices
– SAN can be shared between servers and can be local
or extended over geographical distances
• Network Attached Storage (NAS)
– Another type of network storage
– Single, dedicated hard disk-based file storage device
that provides centralized and consolidated disk
storage available to LAN users through a standard
network connection
Security+ Guide to Network Security Fundamentals, Third Edition
35
Security+ Guide to Network Security Fundamentals, Third Edition
36
Security+ Guide to Network Security Fundamentals, Third Edition
37
Network Attached Storage (NAS)
(continued)
• Advantages to using NAS devices on a network
– Offer the ability to easily expand storage requirements
– Allow for the consolidation of storage
• The operating system on NAS devices can be either
a standard operating system, a proprietary operating
system, or a “stripped-down” operating system with
many of the standard features omitted
• NAS security is implemented through the standard
operating system security features
Security+ Guide to Network Security Fundamentals, Third Edition
38
Cell Phones
• Cellular telephones (cell phones)
– Portable communication devices that function in a
manner that is unlike wired telephones
• Two keys to cellular telephone networks
– Coverage area is divided into smaller individual
sections called cells
– All of the transmitters and cell phones operate at a low
power level
Security+ Guide to Network Security Fundamentals, Third Edition
39
Cell Phones (continued)
• Almost all cell phones today have the ability to send
and receive text messages and connect to the
Internet
• Types of attacks
–
–
–
–
–
Lure users to malicious Web sites
Infect a cell phone
Launch attacks on other cell phones
Access account information
Abuse the cell phone service
Security+ Guide to Network Security Fundamentals, Third Edition
40
Attacks on Virtualized Systems
• Just as attacks can be software-based or hardwarebased, attacks can also target software that is
emulating hardware
• This type of software, known as virtualization, is
becoming one of the prime targets of attackers
Security+ Guide to Network Security Fundamentals, Third Edition
41
What Is Virtualization?
• Virtualization
– A means of managing and presenting computer
resources by function without regard to their physical
layout or location
• Operating system virtualization
– A virtual machine is simulated as a self-contained
software environment by the host system but
appears as a guest system
• Server virtualization
– Creating and managing multiple server operating
systems
Security+ Guide to Network Security Fundamentals, Third Edition
42
What Is Virtualization? (continued)
Security+ Guide to Network Security Fundamentals, Third Edition
43
What Is Virtualization? (continued)
• One of the factors driving the adoption of
virtualization is the cost of energy
• Operating system virtualization is playing an
increasingly important role in security
– Has allowed increased flexibility in launching attacks
– Is also being used to make systems more secure
Security+ Guide to Network Security Fundamentals, Third Edition
44
Attacks on Virtual Systems
• Virtualization provides the ability to run multiple
virtual computers on one physical computer
• Virtualization can also be beneficial in providing
uninterrupted server access to users
– By means of live migration and load balancing
Security+ Guide to Network Security Fundamentals, Third Edition
45
Attacks on Virtual Systems (continued)
• Security for virtualized environments can be a
concern for two reasons
– Existing security tools were designed for single
physical servers and do not always adapt well to
multiple virtual machines
– Virtual machines not only need to be protected from
the outside world, but they also need to be protected
from other virtual machines on the same physical
computer
Security+ Guide to Network Security Fundamentals, Third Edition
46
Attacks on Virtual Systems (continued)
• Hypervisor
– Software that runs on a physical computer and
manages one or more virtual machine operating
systems
– Can contain security code that would allow the
hypervisor to provide security by default to all virtual
machines
• Another option is for security software to function as
a separate program that is “plugged in” to the
hypervisor
Security+ Guide to Network Security Fundamentals, Third Edition
47
Security+ Guide to Network Security Fundamentals, Third Edition
48
Attacks on Virtual Systems (continued)
• Another approach is running security software, such
as a firewall and intrusion detection system
– As a specialized security virtual machine on the
physical machine
Security+ Guide to Network Security Fundamentals, Third Edition
49
Security+ Guide to Network Security Fundamentals, Third Edition
50
Summary
• Malicious software (malware) is software that enters
a computer system without the owner’s knowledge or
consent
• Infecting malware includes computer viruses and
worms
• Ways to conceal malware include Trojan horses
(Trojans), rootkits, logic bombs, and privilege
escalation
• Malware with a profit motive includes spam, spyware,
and botnets
Security+ Guide to Network Security Fundamentals, Third Edition
51
Summary (continued)
• Hardware is also the target of attackers. Frequent
hardware targets include the BIOS, USB storage
devices, Network Attached Storage (NAS) devices,
and cell phones
• Virtualization is a means of managing and presenting
computer resources by function without regard to
their physical layout or location
Security+ Guide to Network Security Fundamentals, Third Edition
52
Related documents
Internet Marketing Fundamentals
Internet Marketing Fundamentals
sch1sec3fundamentalsofmarketing2
sch1sec3fundamentalsofmarketing2
PowerPoint ******
PowerPoint ******
Computer Systems Fundamentals
Computer Systems Fundamentals
DBAdminFund_PPT_2.1
DBAdminFund_PPT_2.1
Tappan Zee High School Virtual High School Course Offerings 2016
Tappan Zee High School Virtual High School Course Offerings 2016
Computer science
Computer science
Course Descriptions
Course Descriptions
Computer Networks [Opens in New Window]
Computer Networks [Opens in New Window]
Info Tech -
Info Tech -
Meeting and Exhibition Marketing
Meeting and Exhibition Marketing