Definition: Malicious code refers to a program that is covertly inserted into another program with the intent to carry out malicious activities.



Malicious activities include:
- Destroy data.
- Run destructive or intrusive programs.
- Compromise the security or the confidentiality, integrity, and availability of the victim's data, applications, or operating system.

Types of Threats:
1) Viruses
   - Compiled viruses
   - Interpreted viruses
2) Worms
   - Network service worms
   - Mass-mailing worms
3) Trojan horses

Types of Threats:
4) Malicious mobile code
   - Mostly Java, ActiveX, JavaScript, and VBScript code.
5) Blended attacks
   - Combination of 1 to 4
6) Attack tools
   - Backdoors
   - Rootkits
   - Keyloggers
   - …

Types of Threats:
7) Tracking cookies
8) Non-malware threats
   - Hoax
   - Phishing

Step 1: Preparation
1) Preparation
   I. Awareness
   II. Deployment
   III. Resources
2) Prevention
   I. Education
   II. Configuration
   III. Control

Step 2: Detection and Analysis
- Incidents spread fast, so rapid detection is necessary.
- Precursors often appear immediately before an incident, so the group must not wait for indications.
- Most indications could have causes other than malware.

Step 2: Detection and Analysis
Precursors and reactions:
- Precursor: An alert warns of new malicious code.
  - Reaction: Research it and block its ways of entry.
- Precursor: Antivirus software detects and successfully disinfects or quarantines a newly received infected file.
  - Reaction: Find the reason and mitigate the vulnerability.

Step 2: Detection and Analysis
Special indications of each malicious code:
- Virus
  - Changes to templates for word processing documents, spreadsheets, etc.
  - Deleted, corrupted, or inaccessible files
  - Unusual items on the screen, such as odd messages and graphics

Step 2: Detection and Analysis
Special indications for each malicious code:
- Worm
  - Port scans and failed connection attempts targeted at the vulnerable service
  - Increased network usage
- Trojan
  - Network connections between the host and unknown remote systems
  - Unusual and unexpected ports open
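The worm and Trojan indications listed above can be checked mechanically against connection logs. The following Python sketch is an added example, not part of the original slides; the log format, the address ranges, the allowlist and the threshold are all assumptions, and the sample records are constructed. Because most indications can have causes other than malware, its output is a list of hosts to triage, not a verdict.

```python
from collections import defaultdict

# Constructed connection records (time, source, destination, port, result).
SAMPLE_LOG = """\
10:00:01 10.0.0.5 10.0.1.10 445 FAILED
10:00:01 10.0.0.5 10.0.1.11 445 FAILED
10:00:02 10.0.0.5 10.0.1.12 445 FAILED
10:00:02 10.0.0.5 10.0.1.13 445 OK
10:00:03 10.0.0.5 10.0.1.14 445 FAILED
10:00:04 10.0.0.7 10.0.1.10 443 OK
10:00:05 10.0.0.7 10.0.1.10 443 FAILED
10:00:09 10.0.0.9 203.0.113.50 31337 OK
10:00:12 10.0.0.7 198.51.100.20 443 OK
"""

KNOWN_REMOTES = {"198.51.100.20"}  # assumed allowlist of external systems
INTERNAL_PREFIX = "10."            # assumed internal address range
SCAN_THRESHOLD = 3                 # assumed: distinct failed targets per port

def parse(log):
    """Yield (src, dst, port, ok) tuples; skip malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[3].isdigit():
            continue
        _, src, dst, port, result = parts
        yield src, dst, int(port), result == "OK"

def find_indications(log):
    """Return {host: set of indication labels} for hosts worth triaging."""
    failed = defaultdict(set)      # (src, port) -> destinations that failed
    findings = defaultdict(set)
    for src, dst, port, ok in parse(log):
        if not ok:
            failed[(src, port)].add(dst)
        elif not dst.startswith(INTERNAL_PREFIX) and dst not in KNOWN_REMOTES:
            # Trojan-style indication: session with an unknown remote system.
            findings[src].add(f"unknown-remote:{dst}:{port}")
    for (src, port), targets in failed.items():
        if len(targets) >= SCAN_THRESHOLD:
            # Worm-style indication: many failed attempts against one service.
            findings[src].add(f"scan:{port}:{len(targets)}")
    return dict(findings)

if __name__ == "__main__":
    for host, labels in sorted(find_indications(SAMPLE_LOG).items()):
        print(host, sorted(labels))
```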

Step 2: Detection and Analysis
Special indications for each malicious code:
- Malicious mobile code
  - Used to spread a virus, worm, …
    - Unexpected dialog boxes requesting permission to do something
    - Unusual graphics, such as overlapping message boxes
  - Used to exploit vulnerabilities
    - Network connections between the host and unknown remote systems
- Receiving hoax reports
  - No links to outside sources

Step 3: 1) Containment Strategies
- All incident prevention activities must be carried out in order to stop the spread of the virus.
- Other activities:
  - Notification
  - Isolation
  - Changing access rules
- Identifying infected hosts is not easy.

Step 3: 2) Eradication and Recovery
- Some infected files cannot be cleaned.
- A system restore may be needed.
- Securing the system is the last step.


Definition: Multiple Component
A multiple component incident is a single incident that encompasses two or more incidents.


Steps 1 & 2: Preparation, Detection, Analysis
- Conduct exercises that review scenarios involving multiple component incidents.
- Efficient incident analysis:
  - Centralized logging
  - Correlation software
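What correlation over centralized logs buys the analyst is the ability to see that separate alerts on one host belong to a single multiple component incident. The following Python sketch is an added example, not part of the original slides; the event format, sensor names, category labels and the 30-minute window are assumptions, and the events are constructed.

```python
from datetime import datetime, timedelta

# Constructed events as a central log server might collect them:
# timestamp | reporting sensor | affected host | incident category
SAMPLE_EVENTS = """\
2024-05-01T09:00:00|antivirus|ws-12|malicious_code
2024-05-01T09:04:10|ids|ws-12|unauthorized_access
2024-05-01T09:06:30|netflow|ws-12|denial_of_service
2024-05-01T09:10:00|antivirus|ws-30|malicious_code
2024-05-01T15:45:00|ids|ws-30|unauthorized_access
2024-05-01T10:00:00|antivirus|ws-44|malicious_code
2024-05-01T10:01:00|antivirus|ws-44|malicious_code
"""

WINDOW = timedelta(minutes=30)  # assumed correlation window

def load(events):
    """Parse lines into (time, sensor, host, category), sorted by time."""
    rows = []
    for line in events.splitlines():
        fields = line.split("|")
        if len(fields) != 4:
            continue  # skip malformed records
        ts, sensor, host, category = fields
        rows.append((datetime.fromisoformat(ts), sensor, host, category))
    return sorted(rows)

def correlate(events, window=WINDOW):
    """Return {host: [categories in order seen]} for hosts where two or more
    different incident categories occur within one window."""
    by_host = {}
    for ts, _sensor, host, category in load(events):
        by_host.setdefault(host, []).append((ts, category))
    multi = {}
    for host, seen in by_host.items():
        for i, (start, _) in enumerate(seen):
            cats = []
            for ts, cat in seen[i:]:
                if ts - start > window:
                    break
                if cat not in cats:
                    cats.append(cat)
            if len(cats) >= 2:
                multi[host] = cats  # earliest qualifying window wins
                break
    return multi

if __name__ == "__main__":
    print(correlate(SAMPLE_EVENTS))
```

Repeated alerts of one category (ws-44) and alerts hours apart (ws-30) are not merged; widening the window trades missed links for more false groupings.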

Step 3: Containment, Eradication, Recovery
Approach:
- Contain the initial incident and then search for signs of other components.
- Guess whether the incident has other components.
- Unauthorized access incidents are more likely to have multiple components.

Step 3: Containment, Eradication, Recovery
Prioritization:
- Components must be prioritized separately.
- Respond to the most urgent one.
- Another factor: how current each component is.
- It may be possible to contain the whole incident by containing just one component.
