Security+ Guide to Network Security Fundamentals, Third Edition
Chapter 2 Systems Threats and Risks
Objectives
- Describe the different types of software-based attacks
- List types of hardware attacks
- Define virtualization and explain how attackers are targeting virtual systems
Software-Based Attacks
- Malicious software, or _________________
- ________________________________________________________________________________
- Malware is a general term that refers to a wide variety of ________________________________
- The _______ primary objectives of malware
  - To _______________ a computer system
  - ___________ the malware’s ________________
  - Bring ____________________ that it performs
Infecting Malware- ________________
- Programs that _______________________________ __________ when that document or program is opened
- Needs a __________ to perform some action such as opening an to start the infection
- Once a virus infects a computer, it performs two separate tasks
  - ________________ by spreading to other computers
    - Via USB, an attachment, or via computers connected to a LAN, for example
  - _____________________________
    - Cause problems ranging from displaying an annoying message to erasing files from a hard drive, reformatting the hard drive, or causing a computer to crash repeatedly
Types of Computer Viruses
- File infector virus- ___________________________
  - Virus is activated when the program is launched
- Resident virus- ___________________ each time the computer is turned on
  - Can _____________________ executed by the OS
- Boot virus- _____________________ of a hard disk
  - Intended to ____________________________
- Companion virus- _________________________ that is a _________ __________________ version to a legitimate program
- Macro virus- virus ________________________
  - Often found in ______________ which, when unknowingly opened by the user, executes the macro virus and infects the computer
- Metamorphic viruses
  - Avoid detection by _______________________
- Polymorphic viruses
  - ______________________________ and also _________________ differently each time
Infecting Malware - ______________
- Program designed to take ___________________ _____________________________________________________________ in order to enter a system
- Worms are different from viruses in two regards:
  - A worm _________________________
  - A worm _____________________________________ to begin its execution
- Actions that worms have performed:
  - ___________ on the computer, allowing the _______________ ______________________ by an attacker
  - Newer worms leave behind a payload which causes harm (a virus-like characteristic)
Concealing Malware as something else
- Trojan
  - Program ___________________________________ __________________________________
  - Trojan horse programs are typically ___________ programs that contain ___________ that attack the computer system
  - May be installed with the user’s full knowledge, but the Trojan’s ____________________________________
- Rootkit
  - A __________________ used by an intruder to _________ ____________________________________________________________, and then ___________ of its existence
  - Very good at evading detection and removal by hiding or removing log entries, etc.
Concealing Malware (Rootkit continued)
- The rootkit’s goal is to _______ the presence of other types of malicious software such as viruses and worms
- Rootkits function by _____________________ ___________________ with modified versions
  - Modified files are specifically designed to ignore malicious activity so it can escape detection
- Detecting a rootkit can be _______________
  - Best way to detect is to reboot from an alternate source and then run a rootkit detection program
- Removing a rootkit from an infected computer is ____________________________
  - You need to reformat the hard drive and reinstall the operating system
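The detection step above (boot from trusted media, then compare the installed files with a known-good baseline) in an added example that is not from the slides: a small file-integrity check that hashes a tree, stores the baseline, and reports what a rootkit's file replacement changed. The directory, file names and contents are constructed; the baseline must be built and the comparison run from the alternate boot, because a rootkit running inside the infected OS can hand this check clean bytes.

```python
# Added example (not from the slides): baseline-and-compare file integrity check.
# Paths and contents below are constructed for the demonstration.
import hashlib
import os
import tempfile

def sha256_of(path):
    """Hash a file in chunks so large system binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Map every file under root (relative path) to its SHA-256; run on a clean system."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_of(full)
    return manifest

def verify(root, manifest):
    """Compare the tree with the baseline. 'modified' is the rootkit's swapped-in
    binary, 'missing' a deleted file, 'added' a file the clean baseline never had."""
    current = build_manifest(root)
    return {
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "missing": sorted(p for p in manifest if p not in current),
        "added": sorted(p for p in current if p not in manifest),
    }

def demo():
    """Constructed scenario: baseline a fake bin directory, then tamper as a rootkit would."""
    root = tempfile.mkdtemp()
    for name, body in (("ls", b"clean ls binary\n"), ("ps", b"clean ps binary\n")):
        with open(os.path.join(root, name), "wb") as f:
            f.write(body)
    baseline = build_manifest(root)
    # Replace a system tool with a modified version and drop an extra component.
    with open(os.path.join(root, "ls"), "wb") as f:
        f.write(b"tampered ls binary\n")
    with open(os.path.join(root, "hidden.so"), "wb") as f:
        f.write(b"extra component\n")
    return verify(root, baseline)

if __name__ == "__main__":
    print(demo())  # {'modified': ['ls'], 'missing': [], 'added': ['hidden.so']}
```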
Concealing Malware (continued)
- Logic bomb
  - A computer program or a part of a program that _____________________________________________
  - Once triggered, the program can perform any number of _______________________
  - Logic bombs are ______________________ before they are triggered
- Privilege escalation
  - ________________________________________ to resources that the user would normally be restricted from obtaining
  - Either higher (more) privileges or someone else’s privilege status
Malware for Profit- ___________
- _________________________
  - Reduces productivity of employees who have to waste time deleting them or perhaps responding to them (on company time)
- Sending spam is a _______________ which is _______________ for spammers to start up
- Text-based spam messages can easily be trapped by special filters
Malware for Profit (Spam continued)
- _________________________ in order to circumvent text-based filters
- Additional image spam techniques:
  - GIF layering
  - Word splitting
  - Geometric variance
- Image spam ________________________ based on the content of the message
- To detect image spam, one approach is to examine the context of the message and create a profile
  - Based on certain indicators, software can make an __________________________________________
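The profile-based detection described above, as an added example that is not from the slides: the message is parsed with Python's email module, a few indicators are scored (image with almost no text, several GIF parts as in GIF layering, an HTML body that is only an image reference), and the weights, threshold idea and the two sample messages are constructed for the illustration.

```python
# Added example (not from the slides): scoring an email for image-spam indicators.
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed weights; a real filter would tune these from labelled mail.
WEIGHTS = {
    "image_with_little_text": 3,   # picture carries the pitch, text is filler
    "multiple_gif_parts": 2,       # GIF layering splits one picture over several GIFs
    "html_body_is_just_image": 2,  # <img> reference with no real copy around it
}

def image_spam_profile(raw):
    """Parse raw RFC 5322 bytes and return (score, indicators found)."""
    msg = message_from_bytes(raw, policy=policy.default)
    text_len, html, images = 0, "", []
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/plain":
            text_len += len(part.get_content().strip())
        elif ctype == "text/html":
            html += part.get_content()
        elif part.get_content_maintype() == "image":
            images.append(ctype)
    found = []
    if images and text_len < 40:
        found.append("image_with_little_text")
    if images.count("image/gif") > 1:
        found.append("multiple_gif_parts")
    if "<img" in html.lower() and len(re.sub(r"<[^>]+>", "", html).strip()) < 40:
        found.append("html_body_is_just_image")
    return sum(WEIGHTS[i] for i in found), found

def build_sample(image_spam):
    """Constructed samples: an ordinary text note, or an HTML body that is only two GIFs."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Hi" if image_spam else "Quarterly numbers"
    if not image_spam:
        msg.set_content("Attached are the Q3 figures we discussed; call me with questions.")
        return msg.as_bytes()
    msg.set_content('<html><body><img src="cid:a1"><img src="cid:a2"></body></html>',
                    subtype="html")
    for cid in ("a1", "a2"):  # two related GIF parts, as in GIF layering
        msg.add_related(b"GIF89a" + b"\x00" * 64, maintype="image", subtype="gif",
                        cid=f"<{cid}>")
    return msg.as_bytes()

if __name__ == "__main__":
    print(image_spam_profile(build_sample(False)))  # (0, [])
    print(image_spam_profile(build_sample(True)))   # (7, [...three indicators...])
```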
Malware for Profit - ____________
- A general term used for describing software that ____________________________________
- Technologies that are ___________________ _____________________________ over:
  - Use of their _______________, including what programs are installed on their computers
  - ____________, use, and distribution of their __________ or other sensitive information
  - Material changes that affect their user experience, privacy, or system security
Malware for Profit (Spyware continued)
- Spyware has two characteristics that make it ___________________________
  - Spyware creators are _________________
    - Spyware is often more intrusive than viruses, harder to detect, and more difficult to remove
  - Spyware is ________________________
    - Some spyware-like software is considered legitimate business
- Two common spyware tools: _____________ and _________________
Effects of Spyware…
Spyware tools continued…
- Adware
  - A ___________________________________ ________________, in a manner that is unexpected and _____________ by the user
    - Via pop-ups, banners, or opening new browser windows
  - Adware can be a __________________
  - Some programs perform a _________________
    - Monitors and tracks a user’s activities, then sends a log of these activities without the user’s authorization
Spyware tools continued…
- Keylogger
  - Either a __________________ or a _________ program that _________________________ ______________ on the computer’s keyboard
  - As the user types, the keystrokes are collected and saved as text
  - The small hardware keylogger physically _________ between the ____________________ __________________________________
  - Software keylogger programs capture all keystrokes and hide themselves so that they _____________________________
Malware for Profit (continued)
- Zombie
  - An ______________________________________________ ________________________________________________
- Botnets
  - Hundreds, thousands, or even tens of thousands of ___________________________________________
  - Attackers use Internet Relay Chat (____) to remotely control the zombies within the botnet
    - What is IRC?
  - Infected computer is joined to a specific IRC channel and there awaits instructions from the attacker
  - ______________ is known as a ________________
  - Large number of botnets exist
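The rendezvous pattern described above (many internal hosts joining the same channel on the same outside IRC server and then waiting) is something a defender can look for in network logs. As an added example that is not from the slides, the following reads a constructed connection log, keeps JOINs from internal hosts to external IRC ports, and flags channels with an unusual number of members. The log format, addresses, channel names, internal range and threshold are all made up for the illustration.

```python
# Added example (not from the slides): flagging IRC channels joined by many internal hosts.
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")  # constructed: the site's own address range
IRC_PORTS = {6667, 6697}             # plain and TLS IRC
MIN_HOSTS = 3                        # constructed threshold for a crowded channel

# Constructed log: timestamp, source, destination, destination port, IRC command, arguments
SAMPLE_LOG = """\
2024-05-01T08:00:01Z 10.0.0.11 203.0.113.7 6667 JOIN #w0rk
2024-05-01T08:00:03Z 10.0.0.12 203.0.113.7 6667 JOIN #w0rk
2024-05-01T08:00:04Z 10.0.0.13 203.0.113.7 6667 JOIN #w0rk
2024-05-01T08:01:10Z 10.0.0.14 203.0.113.7 6667 JOIN #w0rk
2024-05-01T08:05:00Z 10.0.0.20 198.51.100.5 6667 JOIN #python
2024-05-01T08:05:30Z 10.0.0.21 198.51.100.5 6667 JOIN #python
2024-05-01T08:06:00Z 10.0.0.22 203.0.113.7 443 JOIN #w0rk
garbage line
"""

def parse(line):
    """Split one log line into fields; return None for malformed lines."""
    parts = line.split(maxsplit=5)
    if len(parts) < 5:
        return None
    ts, src, dst, dport, cmd = parts[:5]
    args = parts[5] if len(parts) == 6 else ""
    try:
        return {"ts": ts, "src": ip_address(src), "dst": ip_address(dst),
                "dport": int(dport), "cmd": cmd, "args": args}
    except ValueError:
        return None

def find_rendezvous(lines, min_hosts=MIN_HOSTS):
    """Group JOINs to outside IRC servers by (server, channel); return the crowded ones."""
    members = defaultdict(set)
    for line in lines:
        ev = parse(line)
        if not ev or ev["cmd"] != "JOIN" or ev["dport"] not in IRC_PORTS:
            continue
        if ev["src"] not in INTERNAL or ev["dst"] in INTERNAL:
            continue  # only internal hosts talking to servers outside the site
        channel = ev["args"].split()[0] if ev["args"] else ""
        members[(str(ev["dst"]), channel)].add(str(ev["src"]))
    return {key: sorted(hosts) for key, hosts in members.items() if len(hosts) >= min_hosts}

def scan_sample():
    return find_rendezvous(SAMPLE_LOG.splitlines())

if __name__ == "__main__":
    for (server, channel), hosts in scan_sample().items():
        print(f"{len(hosts)} internal hosts joined {channel} on {server}: {hosts}")
```

Only the four-host channel on 203.0.113.7 is reported; the two-host channel stays under the threshold and the port 443 line is not treated as IRC.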
What are botnets used for?
Hardware-Based Attacks
- Hardware that often is the target of attacks includes the BIOS, USB devices, network attached storage, and even cell phones
BIOS Basic Input/Output System (___________)
- A coded ___________________________________ that ________________________________________ on the computer system
- ________________________________________ and provides low-level access to the hard disk, video, and keyboard
- On older computer systems the BIOS was a Read Only Memory (ROM) chip
  - Not able to be reprogrammed
- Today’s computer systems have a _____________ (Programmable Read Only Memory) chip
  - Able to be _________________
  - AKA ___________ the BIOS- leaving the ____________________________
BIOS (continued) Types of BIOS attacks…
- Where a ________________________________ and the first part of the hard disk drive, rendering the computer completely dead
  - A computer cannot boot without the BIOS
- An attacker could infect a computer with a virus and then flash the BIOS to _________________ ______________ containing malicious code
  - _____________________________ the OS will _____ _______________ of a rootkit stored on the BIOS
USB Devices
- ____________ (Universal Serial Bus) devices use _________________________
- Flash memory is a type of EEPROM- ______________ __________________ (chip) that can be electrically _____ ___________________________________________
  - Robust memory able to withstand temperature extremes, immersion in water, etc., with fast read access times
- Could be a ________________________
  - USB devices are widely ________________________
  - USB devices allow spies or disgruntled employees to discreetly copy and _________________________
  - USB devices can potentially be lost or fall into the wrong hands, leaving sensitive data at risk
USB Devices (continued)
- To reduce the risks introduced by USB devices:
  - _______________________________
  - Disable the USB through the _______________
    - All USB port drivers are located in C:\Windows\Driver Cache\i386 in the DRIVER.CAB file
  - Use ______________________
Storage Area Network (________)
- Specialized _______ ___________________________________________________________
- Uses “block-based storage”
- SAN can be shared between servers and can be local or extended over geographical distances
Network Attached Storage (______)
- Another type of network storage
- ______________________________________________________________________________________________________________
- Available to LAN users through a standard network connection
- Two main ____________ to using NAS devices on a network
  - Offer the ability to ____________________________ by adding on hard disks
  - Allow for the _________________________
- The operating system on NAS devices can be either a standard operating system, a proprietary operating system, or a “stripped-down” operating system
- NAS ________________________________________________ ___________________________________
  - Operates at the file system level
  - Vulnerable to viruses, worms, etc.
Cell Phones
- Portable communication devices that function in a manner that is unlike wired telephones
- ____________ of cellular telephone networks:
  - _____________ is divided into smaller individual sections called ______________
  - Center of each cell contains a transmitter
  - All of the transmitters and cell phones __________ ______________________
    - Allows the signal to stay confined within the cell so that the same frequency can be used in other cells at the same time
Cell Phones (continued)
- Almost all cell phones today have the ability to send and receive _________________ and __________ to the ___________________, which opens the cell phone up to possible attacks
- Types of attacks
  - Lure users to malicious Web sites
  - ______________ with malicious software
  - ____________________________ or personal data
  - Abuse the cell phone service
  - Spam sent via text messages
Attacks on Virtualized Systems
- Just as attacks can be software-based or hardware-based, attacks can also target ________________________________
  - Known as ______________________
- Virtualization is becoming one of the prime targets of attackers
What Is Virtualization?
- A means of managing and presenting computer resources by function without regard to their physical layout or location
- Virtualization _________________________________ __________________________________________
- Operating system virtualization
  - When an _____________________________________
  - A virtual machine is __________________________ _______________________ by the host system but appears as a _______________________
- Server virtualization
  - ________________________________ operating systems
Why Virtualize?
- One of the factors driving the adoption of virtualization is the ___________________
  - Currently, a typical server only utilizes about 10% of its capacity
  - Consolidating multiple physical servers via virtualization on a single server maximizes utilization, thereby saving the cost of cooling multiple individual servers
- Virtualization can also provide _____________ _____________ to users by using ______________
  - The ability to ___________________________________ __________________________________ in order to perform maintenance on hardware or software
Security Issues on Virtual Systems
- Operating system virtualization is playing an increasingly important role in security
  - Downside: has allowed ___________________ ________________________________
  - Upside: ___________________________ in a virtualized environment
  - ____________________ _____________________ and simulated attack testing is easily accomplished in a virtualized environment
  - ___________________________ more easily accomplished in virtual environments
Attacks on Virtual Systems
- Security for virtualized environments can be a concern for two reasons
  1. ________________________ antivirus, anti-spam, etc. were designed for single physical servers and _______________________________________
  2. Virtual machines not only need to be protected from the outside world, but they also __________ _______________________________________________________________________________
     - An infected virtual machine could easily infect other virtual machines in the same physical computer
Possible ____________ to Security Issues
1. Hypervisor
   - ________ that runs on a physical computer and ____________________________________________________________________
   - Hypervisor can be used to _______________ to all virtual machines
2. Another option is for security software to function as a ________________________ ____________________ to the hypervisor
   - Can be thought of as a “third party” software plug-in specializing in security protection
Possible Solutions to Security Issues (continued)
3. Another approach is to use a _________ ____________________________________ on the physical machine
   - The security virtual machine would run security software, i.e. a firewall, intrusion detection system, and virus scanning software
4. If #1-3 above are not possible, ____________ security defenses should be used on ______ ____________________________________
Summary
- Malicious software (malware) is software that enters a computer system without the owner’s knowledge or consent
- Infecting malware includes computer viruses and worms
- Ways to conceal malware include Trojan horses (Trojans), rootkits, logic bombs, and privilege escalation
- Malware with a profit motive includes spam, spyware, and botnets
Summary (continued)
- Hardware is also the target of attackers. Frequent hardware targets include the BIOS, USB storage devices, Network Attached Storage (NAS) devices, and cell phones
- Virtualization is a means of managing and presenting computer resources by function without regard to their physical layout or location