Security+ Guide to Network Security Fundamentals, Third Edition

Chapter 2
Systems Threats and Risks
Objectives
Describe the different types of software-based attacks
List types of hardware attacks
Define virtualization and explain how attackers are targeting virtual systems
Software-Based Attacks
Malicious software, or _________________
   ________________________________________
   ________________________________________
Malware is a general term that refers to a wide variety of ________________________________
The _______ primary objectives of malware
   To _______________ a computer system
   ___________ the malware's ________________
   Bring ____________________ that it performs
Infecting Malware - ________________
Programs that _______________________________ __________ when that document or program is opened
Needs a __________ to perform some action, such as opening an e-mail, to start the infection
Once a virus infects a computer, it performs two separate tasks
   ________________ by spreading to other computers
     Via USB, an e-mail attachment, or computers connected to a LAN, for example
   _____________________________
     Causes problems ranging from displaying an annoying message to erasing files from the hard drive, reformatting the hard drive, or causing the computer to crash repeatedly
Types of Computer Viruses
File infector virus - ___________________________
   Virus is activated when the program is launched
Resident virus - ___________________ each time the computer is turned on
   Can _____________________ executed by the OS
Boot virus - _____________________ of a hard disk
   Intended to ____________________________
Companion virus - _________________________ that is a _________ __________________ version to a legitimate program
Macro virus - virus ________________________
   Often found in ______________ which, when unknowingly opened by the user, executes the macro virus and infects the computer
Metamorphic viruses
   Avoid detection by _______________________
Polymorphic viruses
   ______________________________ and also _________________ differently each time
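The metamorphic and polymorphic entries above describe viruses whose bytes differ on every infection. The following added example (mine, not the textbook's and not any real product's code) shows concretely why a fixed byte-signature scanner misses such copies and what a scanner has to do instead. PAYLOAD is a harmless constructed marker string standing in for a virus body, polymorphic_pack is a toy one-byte XOR encoder standing in for a real polymorphic engine, and SIGNATURES is a hand-made database. Metamorphic code, which rewrites its own instructions rather than encrypting them, is not modelled.

```python
"""Signature matching versus a polymorphic body.  Added example, not from
the textbook.  PAYLOAD is a harmless constructed marker string standing in
for a virus body, polymorphic_pack is a toy one-byte XOR encoder, and
SIGNATURES is a hand-made database; none of these is real malware."""
import os
from typing import Optional

# Constructed stand-in for a virus body: any fixed byte string will do.
PAYLOAD = b"TOY-MALWARE-BODY: display annoying message; erase files"

# A signature scanner keeps one short, distinctive byte sequence per family.
SIGNATURES = {"toy.family": b"TOY-MALWARE-BODY"}


def signature_scan(sample: bytes) -> Optional[str]:
    """Classic static scan: report the family whose pattern appears verbatim."""
    for name, pattern in SIGNATURES.items():
        if pattern in sample:
            return name
    return None


def polymorphic_pack(body: bytes, key: Optional[int] = None) -> bytes:
    """Toy polymorphic engine: XOR the body with a freshly chosen one-byte
    key (1..255) and prepend the key.  Every copy carries different bytes,
    so no fixed pattern over the body survives; only the one-byte header
    is constant, far too short to serve as a signature."""
    if key is None:
        key = os.urandom(1)[0] or 1   # key 0 would leave the body in the clear
    return bytes([key]) + bytes(b ^ key for b in body)


def unpack(sample: bytes) -> bytes:
    """What a scanner's emulator does: run the decryptor to recover the body."""
    key = sample[0]
    return bytes(b ^ key for b in sample[1:])


def emulating_scan(sample: bytes) -> Optional[str]:
    """Scan the raw bytes, then the bytes the decryptor would produce."""
    if len(sample) < 2:
        return signature_scan(sample)
    return signature_scan(sample) or signature_scan(unpack(sample))


def variants_detected(n: int = 5) -> tuple:
    """Pack the same body n times with different keys and count how many
    copies each scanner catches.  Returns (static_hits, emulated_hits)."""
    samples = [polymorphic_pack(PAYLOAD, key=k) for k in range(1, n + 1)]
    static = sum(signature_scan(s) is not None for s in samples)
    emulated = sum(emulating_scan(s) is not None for s in samples)
    return static, emulated


if __name__ == "__main__":
    static_hits, emulated_hits = variants_detected()
    print(f"static signature caught {static_hits}/5 variants, "
          f"emulation caught {emulated_hits}/5")
```

Real polymorphic engines also vary the decryptor routine itself, so the constant one-byte header here is generous to the scanner. That is why antivirus products emulate the decryptor in a sandbox and match on the decrypted body, or on its behaviour, rather than on the bytes as they sit on disk.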
Infecting Malware - ______________
Program designed to take ___________________ __________________________________________ ___________________ in order to enter a system
Worms are different from viruses in two regards:
   A worm _________________________
   A worm _____________________________________ to begin its execution
Actions that worms have performed: ___________ on the computer; allowing the _______________ ______________________ by an attacker
Newer worms leave behind a payload that causes harm (a virus-like characteristic)
Concealing Malware as Something Else
Trojan
   Program ___________________________________ __________________________________
   Trojan horse programs are typically ___________ programs that contain ___________ that attack the computer system
     May be installed with the user's full knowledge, but the Trojan's ____________________________________
Rootkit
   A __________________ used by an intruder to _________ _______________________________________________ _____________, and then ___________ of its existence
   Very good at evading detection and removal by hiding or removing log entries, etc.
Concealing Malware (Rootkit continued)
The rootkit's goal is to _______ the presence of other types of malicious software such as viruses and worms
Rootkits function by _____________________ ___________________ with modified versions
Detecting a rootkit can be _______________
   The modified files are specifically designed to ignore malicious activity so that it escapes detection
   Best way to detect is to reboot from an alternate, trusted source (such as a clean boot disk) and then run a rootkit detection program, so that the scan does not depend on the modified files
Removing a rootkit from an infected computer is ____________________________
   You need to reformat the hard drive and reinstall the operating system
   Reformatting does not touch a rootkit stored in the BIOS (see BIOS attacks under Hardware-Based Attacks); that requires reflashing the BIOS from a known-good image as well
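An added example of the detection approach the slide recommends (my illustration, not the textbook's code and not any particular rootkit detector): hash a known-clean file tree while the machine is trustworthy, keep that baseline off the host, and later rehash the same tree from trusted boot media and compare. The directory layout, the file contents and the "trojaned ls" change are constructed for the demo.

```python
"""Offline file-integrity check against an off-host baseline, the kind of
scan a rootkit detector performs when run from trusted boot media.
Added example, not from the textbook; the 'system directory' and the
rootkit-style modifications are constructed for the demo."""
import hashlib
import json
import os
import tempfile
from typing import Dict, List


def hash_file(path: str) -> str:
    """SHA-256 of a file, read in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: str) -> Dict[str, str]:
    """Map every file under root (path relative to root, '/'-separated) to its hash.
    os.walk reads the directory tree directly; when this runs from clean boot
    media, the infected system's own, possibly hooked, tools are never consulted."""
    manifest = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = hash_file(full)
    return manifest


def compare(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Classify differences between the trusted baseline and the current tree."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "missing": sorted(p for p in baseline if p not in current),
    }


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: take a baseline of a clean tree, then apply the
    kind of change a rootkit makes (replace 'ls' with a version that hides
    attacker files, drop a hidden module) and compare."""
    with tempfile.TemporaryDirectory() as root:
        bin_dir = os.path.join(root, "bin")
        os.makedirs(bin_dir)
        for name, body in {"ls": b"clean ls binary", "ps": b"clean ps binary"}.items():
            with open(os.path.join(bin_dir, name), "wb") as f:
                f.write(body)
        # The baseline must live off the host (the JSON string stands in for that
        # copy); a baseline the rootkit can reach is a baseline it can rewrite.
        baseline_json = json.dumps(build_manifest(root))

        with open(os.path.join(bin_dir, "ls"), "wb") as f:
            f.write(b"trojaned ls that hides attacker files")
        with open(os.path.join(root, "hidden.ko"), "wb") as f:
            f.write(b"rootkit module")

        return compare(json.loads(baseline_json), build_manifest(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Two caveats a practitioner should keep in mind: a baseline taken on a machine that is already infected is worthless, so it has to come from build-time media or vendor-published hashes; and this check covers files on the disk only, so a rootkit living in the BIOS is outside its reach.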
Concealing Malware (continued)
Logic bomb
   A computer program or a part of a program that _____________________________________________
   Once triggered, the program can perform any number of _______________________
   Logic bombs are ______________________ before they are triggered
Privilege escalation
   ________________________________________ to resources that the user would normally be restricted from obtaining
   Either higher (more) privileges or someone else's privilege status
Malware for Profit - ___________
_________________________
   Reduces the productivity of employees, who have to waste time deleting the messages or perhaps responding to them (on company time)
   Sending spam is a _______________ which is _______________ for spammers to start up
   Text-based spam messages can easily be trapped by special filters
Malware for Profit (Spam continued)
_________________________ in order to circumvent text-based filters
   Additional image spam techniques:
     GIF layering
     Word splitting
     Geometric variance
Image spam ________________________ based on the content of the message
To detect image spam, one approach is to examine the context of the message and create a profile
   Based on certain indicators, software can make an __________________________________________
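To make the two spam slides above concrete, here is an added example (mine, not the textbook's and not any mail filter's code) of a plain keyword filter next to a context profile: the keyword filter catches the text spam but has nothing to match in the image-only message, while the profile flags the image message from indicators that never require reading the text. The three messages are constructed, and the indicators and the threshold of two hits are arbitrary choices for illustration, not a published scoring scheme.

```python
"""Text-based keyword filtering versus a context profile for image spam.
Added example, not from the textbook; the messages are constructed and the
indicators, weights and threshold are arbitrary choices for illustration."""
from email.message import EmailMessage
from email.policy import default
from typing import Dict

SPAM_WORDS = ("viagra", "free money", "act now", "click here")


def keyword_filter(msg: EmailMessage) -> bool:
    """Text-only filter: flags a message whose text parts contain a known
    spam phrase.  An image-only message has no text to match."""
    text = " ".join(part.get_content() for part in msg.walk()
                    if part.get_content_type() == "text/plain").lower()
    return any(w in text for w in SPAM_WORDS)


def context_profile(msg: EmailMessage) -> Dict[str, int]:
    """Indicators built from the shape of the message, not its words."""
    text_len = 0
    images = 0
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/plain":
            text_len += len(part.get_content().strip())
        elif ctype.startswith("image/"):
            images += 1
    return {
        # the pitch is in the picture, so the text part is nearly empty
        "image_with_little_text": int(images > 0 and text_len < 40),
        # several images in one message is what GIF layering looks like
        "multiple_images": int(images > 1),
        "missing_subject": int(not msg.get("Subject", "").strip()),
    }


def profile_filter(msg: EmailMessage, threshold: int = 2) -> bool:
    """Decide from the profile: two or more indicators means spam."""
    return sum(context_profile(msg).values()) >= threshold


def make_text_spam() -> EmailMessage:
    m = EmailMessage(policy=default)
    m["Subject"] = "Special offer"
    m["From"] = "promo@example.com"
    m.set_content("Act now! Click here for free money.")
    return m


def make_image_spam() -> EmailMessage:
    m = EmailMessage(policy=default)
    m["From"] = "promo@example.com"      # no Subject on purpose
    m.set_content("")                    # empty body; the pitch is in the images
    for i in range(2):                   # placeholder bytes stand in for two layered GIFs
        m.add_attachment(b"GIF89a" + bytes(16), maintype="image", subtype="gif",
                         filename=f"layer{i}.gif")
    return m


def make_ham() -> EmailMessage:
    m = EmailMessage(policy=default)
    m["Subject"] = "Holiday photos"
    m["From"] = "alice@example.com"
    m.set_content("Hi Bob, here is the picture from the trip we talked about. Cheers, Alice")
    m.add_attachment(b"\x89PNG" + bytes(16), maintype="image", subtype="png",
                     filename="trip.png")
    return m


def evaluate() -> Dict[str, Dict[str, bool]]:
    """Run both filters over the three constructed messages."""
    return {name: {"keyword": keyword_filter(m), "profile": profile_filter(m)}
            for name, m in (("text_spam", make_text_spam()),
                            ("image_spam", make_image_spam()),
                            ("ham", make_ham()))}


if __name__ == "__main__":
    for name, verdicts in evaluate().items():
        print(f"{name}: {verdicts}")
```

In a real deployment the two filters are combined (a message is held if either fires), and the indicator list is tuned against a corpus of known ham so that legitimate picture-only mail does not trip the profile.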
Malware for Profit - ____________
A general term used for describing software that ____________________________________
Technologies that are ___________________ _____________________________ over:
   Use of their _______________, including what programs are installed on their computers
   ____________, use, and distribution of their __________ or other sensitive information
   Material changes that affect their user experience, privacy, or system security
Malware for Profit (Spyware continued)
Spyware has two characteristics that make it ___________________________
   Spyware creators are _________________
   Spyware is ________________________
Spyware is often more intrusive than viruses, harder to detect, and more difficult to remove
Some spyware-like software is considered legitimate business
Two common spyware tools: _____________ and _________________
Effects of Spyware…
Spyware tools continued…
Adware
   A ___________________________________ ________________, in a manner that is unexpected and _____________ by the user
     Via pop-ups, banners, or opening new browser windows
   Adware can be a __________________
   Some programs perform a _________________
     Monitors and tracks a user's activities, then sends a log of these activities without the user's authorization
Spyware tools continued…
Keylogger
   Either a __________________ or a _________ program that _________________________ ______________ on the computer's keyboard
     As the user types, the keystrokes are collected and saved as text
   The small hardware keylogger physically _________ between the ____________________ __________________________________
   Software keylogger programs capture all keystrokes and hide themselves so that they _____________________________
Malware for Profit (continued)
Zombie
Botnets
   Hundreds, thousands, or even tens of thousands of ___________________________________________
   Attackers use Internet Relay Chat (____) to remotely control the zombies within the botnet
What is IRC?
   An ______________________________________________ ________________________________________________
   The infected computer is joined to a specific IRC channel and there awaits instructions from the attacker
   ______________ is known as a ________________
   A large number of botnets exist
What are botnets used for?
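Added example (mine, not the textbook's) of how the IRC channel pattern described above shows up in network data: many internal hosts join the same channel on the same server, and none of them ever says anything, because a zombie only waits for instructions. The log lines and their format are constructed for the demo, and the thresholds and the "silent client" heuristic are my own choices rather than a published detection rule.

```python
"""Finding IRC-controlled zombies in a connection log.  Added example, not
from the textbook; the log lines and their format are constructed for the
demo, and the thresholds and 'silent client' heuristic are my own choices."""
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed log, one IRC command per line as a sensor might record it:
# timestamp  client-ip  server:port  IRC-command  arguments
LOG = """\
2009-03-02T10:00:01 10.0.0.12 198.51.100.7:6667 JOIN #c0ntrol
2009-03-02T10:00:02 10.0.0.13 198.51.100.7:6667 JOIN #c0ntrol
2009-03-02T10:00:02 10.0.0.14 198.51.100.7:6667 JOIN #c0ntrol
2009-03-02T10:00:03 10.0.0.15 198.51.100.7:6667 JOIN #c0ntrol
2009-03-02T10:00:04 10.0.0.16 198.51.100.7:6667 JOIN #c0ntrol
2009-03-02T10:05:00 10.0.0.40 192.0.2.9:6667 JOIN #python
2009-03-02T10:05:30 10.0.0.40 192.0.2.9:6667 PRIVMSG #python :how do I parse logs?
2009-03-02T10:05:45 10.0.0.41 192.0.2.9:6667 JOIN #python
2009-03-02T10:06:00 10.0.0.41 192.0.2.9:6667 PRIVMSG #python :use split()
"""

Record = Tuple[str, str, str, str, str]   # timestamp, client, server, command, arguments


def parse(log: str) -> List[Record]:
    """Split each log line into its fields; malformed lines are skipped."""
    records = []
    for line in log.splitlines():
        fields = line.split(maxsplit=4)
        if len(fields) < 4:
            continue
        ts, client, server, command = fields[:4]
        args = fields[4] if len(fields) == 5 else ""
        records.append((ts, client, server, command.upper(), args))
    return records


def find_suspect_channels(log: str, min_clients: int = 5,
                          max_talk_ratio: float = 0.2) -> Dict[Tuple[str, str], List[str]]:
    """Flag (server, channel) pairs that many internal clients joined while
    (almost) none of them ever sent a message.  A zombie joins its channel
    and waits for instructions; people in a real channel talk."""
    joined = defaultdict(set)   # (server, channel) -> clients that joined
    talked = defaultdict(set)   # (server, channel) -> clients that sent PRIVMSG
    for _, client, server, command, args in parse(log):
        if not args:
            continue
        channel = args.split()[0]
        key = (server, channel)
        if command == "JOIN":
            joined[key].add(client)
        elif command == "PRIVMSG":
            talked[key].add(client)
    suspects = {}
    for key, clients in joined.items():
        talk_ratio = len(talked[key] & clients) / len(clients)
        if len(clients) >= min_clients and talk_ratio <= max_talk_ratio:
            suspects[key] = sorted(clients)
    return suspects


if __name__ == "__main__":
    for (server, channel), clients in find_suspect_channels(LOG).items():
        print(f"{len(clients)} silent clients joined {channel} on {server}: {clients}")
```

Port 6667 is only a convention; the log this runs over should come from a sensor that recognises the IRC protocol on any port, otherwise a botnet that moves its server to port 80 never appears in the input.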
Hardware-Based Attacks
Hardware that is often the target of attacks includes the BIOS, USB devices, network attached storage, and even cell phones
BIOS
Basic Input/Output System (___________)
   A coded ___________________________________ that ________________________________________ on the computer system
   ________________________________________ and provides low-level access to the hard disk, video, and keyboard
On older computer systems the BIOS was a Read Only Memory (ROM) chip
   Not able to be reprogrammed
Today's computer systems have a _____________ (Programmable Read Only Memory) chip
   Able to be _________________, AKA ___________ the BIOS, leaving the ____________________________
BIOS (continued)
Types of BIOS attacks…
   Where a ________________________________ and the first part of the hard disk drive, rendering the computer completely dead
     A computer cannot boot without the BIOS
   An attacker could infect a computer with a virus and then flash the BIOS to _________________ ______________ containing malicious code
     _____________________________ the OS will _____ _______________ of a rootkit stored on the BIOS
USB Devices
____________ (Universal Serial Bus) devices use _________________________
   Flash memory is a type of EEPROM - ______________ __________________ (chip) that can be electrically _____ ___________________________________________
     Robust memory able to withstand temperature extremes, immersion in water, etc., with fast read access times
Could be a ________________________
   USB devices are widely ________________________
   USB devices allow spies or disgruntled employees to discreetly copy and _________________________
   USB devices can potentially be lost or fall into the wrong hands, leaving sensitive data at risk
USB Devices (continued)
To reduce the risks introduced by USB devices:
   _______________________________
   Disable the USB through the _______________
     All USB port drivers are located in C:\Windows\Driver Cache\i386 in the DRIVER.CAB file
   Use ______________________
Storage Area Network (________)
Specialized _______ ____________________ ____________________ ___________________
   Uses "block-based storage"
   A SAN can be shared between servers and can be local or extended over geographical distances
Network Attached Storage (______)
Another type of network storage
   _______________________________________________________ _______________________________________________________
   Available to LAN users through a standard network connection
Two main ____________ to using NAS devices on a network
   Offer the ability to ____________________________ by adding on hard disks
   Allow for the _________________________
The operating system on NAS devices can be either a standard operating system, a proprietary operating system, or a "stripped-down" operating system
NAS ________________________________________________ ___________________________________
   Operates at the file system level
   Vulnerable to viruses, worms, etc.
Cell Phones
Portable communication devices that function in a manner that is unlike wired telephones
____________ of cellular telephone networks:
   _____________ is divided into smaller individual sections called ______________
     The center of each cell contains a transmitter
   All of the transmitters and cell phones __________ ______________________
     Allows the signal to stay confined within the cell so that the same frequency can be used in other cells at the same time
Cell Phones (continued)
Almost all cell phones today have the ability to send and receive _________________ and __________ to the ___________________, which opens the cell phone up to possible attacks
Types of attacks
   Lure users to malicious Web sites
   ______________ with malicious software
   ____________________________ or personal data
   Abuse the cell phone service
     Spam sent via text messages
Attacks on Virtualized Systems
Just as attacks can be software-based or hardware-based, attacks can also target ________________________________
   Known as ______________________
Virtualization is becoming one of the prime targets of attackers
What Is Virtualization?
Virtualization
   A means of managing and presenting computer resources by function without regard to their physical layout or location
Operating system virtualization
   Virtualization _________________________________ __________________________________________
   When an _____________________________________
   A virtual machine is __________________________ _______________________ by the host system but appears as a _______________________
Server virtualization
   ________________________________ operating systems
Why Virtualize?
One of the factors driving the adoption of virtualization is the ___________________
   Currently, a typical server only utilizes about 10% of its capacity
   Consolidating multiple physical servers via virtualization on a single server maximizes utilization, thereby saving the cost of cooling multiple individual servers
Virtualization can also provide _____________ _____________ to users by using ______________
   The ability to ___________________________________ __________________________________ in order to perform maintenance on hardware or software
Security Issues on Virtual Systems
Operating system virtualization is playing an increasingly important role in security
   Downside: has allowed ___________________ ________________________________
   Upside: ___________________________ in a virtualized environment ____________________
     _____________________ and simulated attack testing is easily accomplished in a virtualized environment
     ___________________________ more easily accomplished in virtual environments
Attacks on Virtual Systems
Security for virtualized environments can be a concern for two reasons
1. ________________________ (antivirus, anti-spam, etc.) were designed for single physical servers and _______________________________________
2. Virtual machines not only need to be protected from the outside world, but they also __________ ________________________________________ _______________________________________
   An infected virtual machine could easily infect other virtual machines in the same physical computer
Possible ____________ to Security Issues
1. Hypervisor
   ________ that runs on a physical computer and ________________________________________ ____________________________
   The hypervisor can be used to _______________ to all virtual machines
2. Another option is for security software to function as a ________________________ ____________________ to the hypervisor
   Can be thought of as a "third party" software plug-in specializing in security protection
Possible Solutions to Security Issues (continued)
3. Another approach is to use a _________ ____________________________________ on the physical machine
   The security virtual machine would run security software, e.g., a firewall, an intrusion detection system, and virus scanning software
4. If #1-3 above are not possible, ____________ security defenses should be used on ______ ____________________________________
Summary
Malicious software (malware) is software that enters a computer system without the owner's knowledge or consent
Infecting malware includes computer viruses and worms
Ways to conceal malware include Trojan horses (Trojans), rootkits, logic bombs, and privilege escalation
Malware with a profit motive includes spam, spyware, and botnets
Summary (continued)
Hardware is also the target of attackers. Frequent hardware targets include the BIOS, USB storage devices, Network Attached Storage (NAS) devices, and cell phones
Virtualization is a means of managing and presenting computer resources by function without regard to their physical layout or location