Vulnerabilities in Operating Systems Michael Gaydeski COSC 432 8 December 2008.

Slides:



Advertisements
Similar presentations
Patch Management Patch Management in a Windows based environment
Advertisements

What is Spyware? Where did it come from?.
Slide Heading Seminar Series: Managing IT Risk In 2010 Understanding End User Attack Vectors Brian Judd, CISSP SynerComm January 20, 2009.
Network Security Attack Analysis. cs490ns - cotter2 Outline Types of Attacks Vulnerabilities Exploited Network Attack Phases Attack Detection Tools.
Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012.
By Hiranmayi Pai Neeraj Jain
Day anti-virus anti-virus 1 detecting a malicious file malware, detection, hiding, removing.
Microsoft Windows XP SP2 Urs P. Küderli Strategic Security Advisor Microsoft Schweiz GmbH.
3 Section C: Installing Software and Upgrades  Web Apps  Mobile Apps  Local Applications  Portable Software  Software Upgrades and Updates  Uninstalling.
Computer Viruses.
Windows Security Tech Talk 9/25/07. What is a virus?  A computer program designed to self replicate without permission from the end user  The program.
1 of 3 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2007 Microsoft Corporation.
Computer Security and Penetration Testing
Define objects and their relationships to multimedia Explain the fundamentals of C, C++, Java, JavaScript, JScript, C#, ActiveX and VBScript Discuss security.
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
Introducing Quick Heal Endpoint Security 5.3. “Quick Heal Endpoint Security 5.3 is designed to provide simple, intuitive centralized management and control.
Module 6: Patches and Security Updates 1. Overview Installing Patches and Security Updates Recent patches and security updates for IIS Recent patches.
Kaspersky Open Space Security: Release 2 World-class security solution for your business.
GET CONTROL! Avoid The Headache… Five Simple Steps to a Safer Computer – NUIT Tech Talk.
To receive our video stream in LiveMeeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.
Review of February 2013 Bulletin Release Information - 12 New Security Bulletins - One Updated Security Advisory - Microsoft Windows Malicious Software.
To receive our video stream in LiveMeeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.
Lesson 46: Using Information From the Web copy and paste information from a Web site print a Web page download information from a Web site customize Web.
Chapter Nine Maintaining a Computer Part III: Malware.
Threats and ways you can protect your computer. There are a number of security risks that computer users face, some include; Trojans Conficker worms Key.
Microsoft October 2004 Security Bulletins Briefing for Senior IT Managers updated October 20, 2004 Marcus H. Sachs, P.E. The SANS Institute October 12,
Internet Safety By Megan Wilkinson. Viruses If your computer haves a viruses on it, it will show one of them or a different one. All commuters have different.
Basic Computer Security Sankardas Roy Department of Computing and Information Sciences Kansas State University.
Dial In Number Pin: 3959 Information About Microsoft December 2012 Security Bulletins Jonathan Ness Security Development Manager Microsoft.
Copyright © 2012 Certification Partners, LLC -- All Rights Reserved Lesson 5: Multimedia on the Web.
Computer Concepts 2014 Chapter 7 The Web and .
To receive our video stream in LiveMeeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.
Cyber Patriot Training
Introducing Quick Heal Endpoint Security 5.2. “Quick Heal Endpoint Security 5.2 is designed to provide simple, intuitive centralized management and control.
Module 4: Add Client Computers and Devices to the Network.
1 Spyware, Adware, and Browser Hijacking. ECE Agenda What is Spyware? What is Adware? What is Browser Hijacking? Security concerns and risks Prevention,
To receive our video stream in LiveMeeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.
Windows Vista Security Center Chapter 5(WV): Protecting Your Computer 9/17/20151Instructor: Shilpa Phanse.
Spyware and Viruses Group 6 Magen Price, Candice Fitzgerald, & Brittnee Breze.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 45 How Hackers can Cripple the Internet and Attack Your PC How Hackers can Cripple the.
Section 2 Software.
1 Internet Browsing Vulnerabilities and Security ECE4112 Final Lab Ye Yan Frank Park Scott Kim Neil Joshi.
Online Virus Scanning The easy way, using Knoppix live CD By Carl Weisheit.
Previous Gnews. 13 Patches – 8 Critical, Affects pretty much everything Other updates, MSRT, Defender Definitions, Junk Mail Filter –MS SMBv2.
To receive our video stream in LiveMeeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.
Vulnerability Scanning Vulnerability scanners are automated tools that scan hosts and networks for known vulnerabilities and weaknesses Credentialed vs.
What is Spam? d min.
Computer Skills and Applications Computer Security.
IT Computer Security JEOPARDY RouterModesWANEncapsulationWANServicesRouterBasicsRouterCommands RouterModesWANEncapsulationWANServicesRouterBasicsRouterCommands.
Internet safety By Suman Nazir
Software Essentials ICT 1 & 2. What is software?  software is the set of instructions stored inside a computer  These instructions tell the computer.
Web Browsing *TAKE NOTES*. Millions of people browse the Web every day for research, shopping, job duties and entertainment. Installing a web browser.
Understand Malware LESSON Security Fundamentals.
Writing Security Alerts tbird Last modified 2/25/2016 8:55 PM.
Securing Tomorrow’s World Microsoft Security Roadmap Ed Gibson & Steve Lamb Microsoft Ltd.
Active X and Signed Applets Chad Bollard. Overview ActiveX  Security Features  Hidden Problems Signed Applets  Security Features  Security Problems.
Securing a Host Computer BY STEPHEN GOSNER. Definition of a Host  Host  In networking, a host is any device that has an IP address.  Hosts include.
Computer Security Keeping you and your computer safe in the digital world.
Risk of the Internet At Home
Nessus Vulnerability Scanning
IMPORTANT INFORMATION ABOUT THE VISUALIZATION EMBEDDED IN THIS SLIDE - IF YOU ARE EXPERIENCING DIFFICULTIES,PLEASE READ ON! This PowerPoint slide includes.
Information Security Session October 24, 2005
The Internet of Unsecure Things
IMPORTANT INFORMATION ABOUT THE VISUALIZATION EMBEDDED IN THIS SLIDE - IF YOU ARE EXPERIENCING DIFFICULTIES,PLEASE READ ON! This PowerPoint slide includes.
You have Flash installed on your computer.
Lesson 5: Multimedia on the Web
You have Flash installed on your computer.
IMPORTANT INFORMATION ABOUT THE VISUALIZATION EMBEDDED IN THIS SLIDE - IF YOU ARE EXPERIENCING DIFFICULTIES,PLEASE READ ON! This PowerPoint slide includes.
IMPORTANT INFORMATION ABOUT THE VISUALIZATION EMBEDDED IN THIS SLIDE - IF YOU ARE EXPERIENCING DIFFICULTIES,PLEASE READ ON! This PowerPoint slide includes.
IMPORTANT INFORMATION ABOUT THE VISUALIZATION EMBEDDED IN THIS SLIDE - IF YOU ARE EXPERIENCING DIFFICULTIES,PLEASE READ ON! This PowerPoint slide includes.
Presentation transcript:

Vulnerabilities in Operating Systems Michael Gaydeski COSC December 2008

Overview : SANS Top 20 Security Risks of Client-side vulnerabilities  Web browsers  Office software  clients  Media players These vulnerabilities are found primarily in Windows, but exist in other operating systems

Web browsers Internet Explorer  Many security holes that allow execution of arbitrary code  Many of the exploits are available to the public  IE exploits vulnerabilities in other Windows components such as the Graphics Rendering Engine  Hundreds of exploits in ActiveX controls

Web browsers Mozilla Firefox  Unpatched or older versions contain weaknesses that allow execution of arbitrary code Third-party plug-ins  Used to access multimedia files and documents  Users may not know they are installing such plug- ins  IE7 is unable to hand custom URIs – hackers can insert custom URIs into PDF documents to allow execution of malicious code

Systems affected Theoretically, any system that uses any web browser could be affected Attacks are concentrated on most popular web browsers and operating systems  Internet Explorer 5 or later on Windows  Firefox on any operating system

How to avoid these vulnerabilities Windows XP users should use Service Pack 2  If this is not possible, use a browser other than IE IE users should use latest version (IE7)‏ Systems should be updated with latest patches and service packs Use anti-malware software Users of older Windows systems should upgrade to XP Use a browser that does not support ActiveX

Office software Most common office software is Microsoft Office  Contains several high-risk vulnerabilities

Office software Vulnerability occurs through client because of malicious s Exploits also occur in web-based documents and spreadsheets IE automatically opens MS Office documents, which may be malicious

Systems affected All Windows systems that use MS Office Mac systems that use MS Office Level of vulnerability depends on version of software installed

How to avoid these vulnerabilities Use latests patches and service packs Do not open s from suspicious sources Use caution even with s from known sources Disable option in IE that allows it to automatically open MS Office documents Use anti-malware software

clients Malicious s may contain malware Phishing, spam, denial of service attacks Impact of malicious s  Distribution of malware (viruses, trojans, spyware)‏  Disclosure of private information  Disable certain services

Systems affected Microsoft Outlook (Windows)‏ Outlook Express (Windows, older versions available for Mac)‏ Mozilla Thunderbird (Windows, Mac, Linux)‏ Mail.app (Mac)‏

How to avoid these vulnerabilities Remove client software from systems where it is not necessary Use latest version of software Use anti-malware software Do not run client from administrator or other privileged account Do not open suspicious s Do not respond to spam View messages without HTML or other formatting Scan attachments before opening them

Media players Most media players are third-party and must be installed by the user Upgrades must be manually installed by user

Systems affected Real Player (Windows, Mac, Linux)‏ Adobe Flash Player (Windows, Mac, Linux)‏ Apple Quicktime (Windows, Mac)‏ Apple iTunes (Windows, Mac)‏ Windows Media Player (Windows)‏

How to avoid these vulnerabilities Use latest version of software Use anti-malware software Configures operating systems and browsers to prevent unintentional installation of software Install media players only on systems that require it