Security+ Guide to Network Security Fundamentals, Third Edition


Chapter 2
Systems Threats and Risks

Objectives

• Define Malicious Software (Malware)
• Describe the different types of malware:
    – Infecting malware (viruses and worms)
    – Concealing malware (Trojan horses, rootkits, logic
      bombs, and privilege escalation)
    – Malware for profit (spam, spyware, and botnets)




Security+ Guide to Network Security Fundamentals, Third Edition   2
Software-Based Attacks

• Malicious software, or malware
    – Software that enters a computer system without the
      owner’s knowledge or consent
    – Malware is a general term that refers to a wide variety
      of damaging or annoying software
• The three primary objectives of malware
    – To infect a computer system
    – Conceal the malware’s malicious actions
    – Bring profit from the actions that it performs


Infecting Malware

• Viruses
    – Programs that secretly attach to another document or
      program and execute when that document or program
      is opened
    – Once a virus infects a computer, it performs two
      separate tasks
          • Replicates itself by spreading to other computers
          • Activates its malicious payload
    – Cause problems ranging from displaying an annoying
      message to erasing files from a hard drive or causing
      a computer to crash repeatedly
Infecting Malware (continued)

• Types of computer viruses
    – File infector virus
    – Resident virus
    – Boot virus
    – Companion virus
    – Macro virus
    – Metamorphic virus
    – Polymorphic virus



Infecting Malware (continued)
• Worm
    – Program designed to take advantage of a vulnerability
      in an application or an operating system in order to
      enter a system
    – Worms are different from viruses in two regards:
          • A worm can travel by itself
          • A worm does not require any user action to begin its
            execution
    – Actions that worms have performed: deleting files on
      the computer; allowing the computer to be
      remote-controlled by an attacker

Concealing Malware

• Trojan Horse (or Trojan)
    – Program advertised as performing one activity but
      actually does something else
    – Trojan horse programs are typically executable
      programs that contain hidden code that attacks the
      computer system
• Rootkit
    – A set of software tools used by an intruder to break
      into a computer, obtain special privileges to perform
      unauthorized functions, and then hide all traces of its
      existence
Concealing Malware (continued)
• Rootkit (continued)
    – The rootkit’s goal is to hide the presence of other
      types of malicious software
    – Rootkits function by replacing operating system
      commands with modified versions
          • That are specifically designed to ignore malicious
            activity so it can escape detection
    – Detecting a rootkit can be difficult
    – Removing a rootkit from an infected computer is
      extremely difficult
          • You need to reformat the hard drive and reinstall the
            operating system
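The slide says rootkits work by swapping operating system commands for modified copies. The check below, an added example that is not from the book, detects such swaps by hashing the command files and comparing them with a baseline; the fake "bin" directory, command names and tampering are all constructed inside the example.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    """SHA-256 of a file's contents, read in chunks so large binaries fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(bin_dir):
    """Map each regular file in bin_dir to its hash. A real baseline must come
    from clean install media or a trusted host, never from a possibly infected box."""
    return {p.name: sha256_file(p) for p in sorted(Path(bin_dir).iterdir()) if p.is_file()}

def check_against_baseline(bin_dir, baseline):
    """Compare the directory with the baseline. A swapped-in command shows up as
    'modified', a deleted one as 'missing', a dropped-in tool as 'unexpected'."""
    current = build_baseline(bin_dir)
    return {
        "modified": [n for n in baseline if n in current and current[n] != baseline[n]],
        "missing": [n for n in baseline if n not in current],
        "unexpected": [n for n in current if n not in baseline],
    }

def demo():
    """Constructed scenario: three fake commands, then a rootkit-style swap of 'ps'
    and a new file dropped alongside. Returns the check result."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("ls", "ps", "netstat"):
            Path(d, name).write_bytes(b"original " + name.encode())
        baseline = build_baseline(d)
        Path(d, "ps").write_bytes(b"tampered copy of ps")    # simulated replacement
        Path(d, "sniff").write_bytes(b"unexpected new tool")  # simulated drop
        return check_against_baseline(d, baseline)

if __name__ == "__main__":
    print(demo())
```

A kernel-mode rootkit can lie to the scanner about what is on disk, so this comparison is most trustworthy when run from clean boot media, which is also why the slide recommends a rebuild over in-place removal.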
Concealing Malware (continued)

• Logic bomb
    – A computer program or a part of a program that lies
      dormant until it is triggered by a specific logical event
    – Once triggered, the program can perform any number
      of malicious activities
    – Logic bombs are extremely difficult to detect before
      they are triggered




Concealing Malware (continued)
• Privilege escalation
    – Exploiting a vulnerability in software to gain access to
      resources that the user would normally be restricted
      from obtaining
    – Types of privilege escalation:
          • When a user with a lower privilege uses privilege
            escalation to access functions reserved for higher
            privilege users
          • When a user with restricted privileges accesses the
            different restricted functions of a similar user
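The two escalation types above correspond to two checks an application must make. The authorization layer below is an added example, not from the book; the role hierarchy, action table, Principal and Record types are hypothetical and exist only to show each check.

```python
from dataclasses import dataclass

# Hypothetical role hierarchy and action table for the example (not from the book)
ROLE_LEVEL = {"guest": 0, "user": 1, "admin": 2}
REQUIRED_ROLE = {"view_record": "user", "delete_user": "admin"}

@dataclass(frozen=True)
class Principal:
    user_id: str
    role: str

@dataclass(frozen=True)
class Record:
    record_id: str
    owner_id: str

class AccessDenied(Exception):
    pass

def authorize(principal, action, record=None):
    """Enforce both checks the slide distinguishes:
    - vertical: the caller's role must be at least the role the action requires;
    - horizontal: a non-admin may only touch records they own, so one 'user'
      cannot reach another user's data just by naming its id."""
    needed = REQUIRED_ROLE.get(action)
    if needed is None:
        raise AccessDenied(f"unknown action {action!r}")
    if ROLE_LEVEL[principal.role] < ROLE_LEVEL[needed]:
        raise AccessDenied(f"{principal.role} may not {action}")
    if record is not None and principal.role != "admin" and record.owner_id != principal.user_id:
        raise AccessDenied(f"{principal.user_id} does not own {record.record_id}")
    return True

def is_allowed(principal, action, record=None):
    """Boolean form of authorize() for callers that do not want the exception."""
    try:
        return authorize(principal, action, record)
    except AccessDenied:
        return False
```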

Malware for Profit

• Spam
    – Unsolicited e-mail
    – Sending spam is a lucrative business
    – Costs involved for spamming:
          • E-mail addresses
          • Equipment and Internet connection
    – Text-based spam messages can easily be trapped
      by special filters
    – Image spam uses graphical images of text in order to
      avoid text-based filters

Malware for Profit (continued)

• Other techniques used by spammers include:
    – GIF layering
    – Word splitting
    – Geometric variance




Malware for Profit (continued)
• Image spam cannot be easily filtered based on the
  content of the message
• To detect image spam, one approach is to examine
  the context of the message and create a profile,
  asking questions such as:
    – Who sent the message?
    – What is known about the sender?
    – Where does the user go if she responds to this e-mail?
    – What is the nature of the message content?
    – How is the message technically constructed?
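One way to turn those context questions into a profile, as an added example that is not from the book: parse the message with Python's standard email library, record who sent it, whether the sender is known, where its links lead, and whether it is built as an image with no visible text, then score the profile. The allowlist of known sender domains and the image-only sample message are constructed for the example.

```python
import email
import re
from email import policy
from urllib.parse import urlparse

# Constructed allowlist of domains the user corresponds with (assumption for the example)
KNOWN_SENDER_DOMAINS = {"company.example"}

# Constructed image-only message: no visible text, one inline image, one tracking link
SAMPLE_IMAGE_SPAM = b"""From: "Promo Desk" <offers@bulk-mailer.example>
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html

<html><body><a href="http://click.tracker.example/x"><img src="cid:img1"></a></body></html>
--b1
Content-Type: image/gif
Content-ID: <img1>

GIF89a
--b1--
"""

def profile_message(raw, known_domains=KNOWN_SENDER_DOMAINS):
    """Answer the slide's context questions as features, then score them."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    sender = msg["from"].addresses[0].domain.lower() if msg["from"] else ""
    image_parts, text_chars, link_domains = 0, 0, set()
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype.startswith("image/"):
            image_parts += 1                       # how is the message constructed?
        elif ctype in ("text/plain", "text/html"):
            body = part.get_content()
            link_domains.update(urlparse(u).hostname or "" for u in re.findall(r'href="([^"]+)"', body))
            text_chars += len(re.sub(r"<[^>]+>", "", body).strip())
    leaves = any(d and not d.endswith(sender) for d in link_domains)  # where does a click go?
    profile = {
        "sender_domain": sender,                   # who sent it / what is known about them?
        "sender_known": sender in known_domains,
        "image_parts": image_parts,
        "visible_text_chars": text_chars,
        "link_domains": sorted(link_domains),
        "links_leave_sender_domain": leaves,
    }
    score = (0 if profile["sender_known"] else 1) + (2 if image_parts and text_chars < 20 else 0) + (1 if leaves else 0)
    profile["score"], profile["suspect"] = score, score >= 3
    return profile
```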
Malware for Profit (continued)
• Spyware
    – A general term used for describing software that
      imposes upon a user’s privacy or security
• Antispyware Coalition defines spyware as:
    – Technologies that are deployed without the user’s
      consent and weaken the user’s control over:
          • Use of their system resources, including what programs
            are installed on their computers
          • Collection, use, and distribution of their personal or
            other sensitive information
          • Material changes that affect their user experience,
            privacy, or system security
Malware for Profit (continued)
• Spyware has two characteristics that make it very
  dangerous
    – Spyware creators are motivated by profit
          • Spyware is often more intrusive than viruses, harder
            to detect, and more difficult to remove
    – Spyware is not always easy to identify
• Spyware is very widespread
• Attackers use several different spyware tools
    – The two most common are adware and keyloggers

Malware for Profit (continued)

• Adware
    – A software program that delivers advertising content
      in a manner that is unexpected and unwanted by the
      user
• Adware can be a security risk
    – Many adware programs perform a tracking function
          • Monitors and tracks a user’s activities
          • Sends a log of these activities to third parties without
            the user’s authorization or knowledge


Malware for Profit (continued)

• Keylogger
    – A small hardware device or a program that monitors
      each keystroke a user types on the computer’s
      keyboard
    – As the user types, the keystrokes are collected and
      saved as text
• As a hardware device, a keylogger is a small device
  inserted between the keyboard connector and
  computer keyboard port


Malware for Profit (continued)

• Software keyloggers
    – Programs that silently capture all keystrokes,
      including passwords and sensitive information
    – Hide themselves so that they cannot be easily
      detected even if a user is searching for them




Malware for Profit (continued)

• Botnets
    – When hundreds, thousands, or even tens of
      thousands of zombie computers are under the control
      of an attacker
    – Zombie: An infected computer with a program that will
      allow the attacker to remotely control it
    – Attackers use Internet Relay Chat (IRC) to remotely
      control the zombies
    – The attacker is known as a bot herder
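Because the slide describes a bot herder controlling zombies over IRC, a defender's first signal is many internal hosts joining the same IRC server. The detector below is an added example, not from the book; it runs over a constructed connection log in a made-up format, and the assumption that the herder's server listens on the standard IRC ports (6667, 6697) is the example's own.

```python
import re
from collections import defaultdict

# Standard IRC ports; assumption for the example that the herder's server uses them
IRC_PORTS = {6667, 6697}

# Constructed outbound-connection log (timestamp src -> dst:port action), not real traffic
SAMPLE_LOG = """\
2024-01-05T10:00:01 10.0.0.11 -> 203.0.113.5:6667 ALLOW
2024-01-05T10:00:03 10.0.0.12 -> 203.0.113.5:6667 ALLOW
2024-01-05T10:00:04 10.0.0.13 -> 198.51.100.9:443 ALLOW
2024-01-05T10:00:07 10.0.0.14 -> 203.0.113.5:6667 ALLOW
2024-01-05T10:00:09 10.0.0.11 -> 198.51.100.9:80 ALLOW
2024-01-05T10:00:12 10.0.0.20 -> 203.0.113.77:6697 ALLOW
2024-01-05T10:00:15 10.0.0.21 -> 203.0.113.77:6697 DENY
"""

LINE = re.compile(r"^(\S+) (\S+) -> (\S+):(\d+) (ALLOW|DENY)$")

def parse_log(text):
    """Parse the constructed format into dicts; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            ts, src, dst, port, action = m.groups()
            events.append({"ts": ts, "src": src, "dst": dst, "port": int(port), "action": action})
    return events

def irc_rendezvous(events, min_hosts=3):
    """Group successful IRC connections by destination. One server that many
    internal hosts all join is the pattern of zombies reporting to a herder."""
    by_dst = defaultdict(set)
    for e in events:
        if e["port"] in IRC_PORTS and e["action"] == "ALLOW":
            by_dst[e["dst"]].add(e["src"])
    return {dst: sorted(srcs) for dst, srcs in by_dst.items() if len(srcs) >= min_hosts}
```

Where IRC is sanctioned in an organization, the approved servers should be allowlisted before this grouping is used as an alert.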


Summary
• Malicious software (malware) is software that enters
  a computer system without the owner’s knowledge or
  consent
• Infecting malware includes computer viruses and
  worms
• Ways to conceal malware include Trojan horses
  (Trojans), rootkits, logic bombs, and privilege
  escalation
• Malware with a profit motive includes spam, spyware,
  and botnets
