Cisco Security Agent - Theory, Practice, and Policy
Uploaded by mike-pruett. Category: Technology.
Transcript of Cisco Security Agent - Theory, Practice, and Policy
Page 2: Agenda
Definitions
Anatomy of an Operating System
Anatomy of an Antivirus Program
Anatomy of a Security Threat
Analysis
Page 3: Definitions
Malware – short for malicious software; software designed to infiltrate a computer system without the owner's informed consent.
Spam – junk email; nearly identical messages sent to numerous recipients by email.
Distributed Denial-of-Service (DDoS) – occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers.
Page 4: Definitions (continued)
Botnet – a jargon term for a collection of software robots, or bots, that run autonomously and automatically.
Zombie – a computer attached to the internet that has been compromised by some form of threat. Generally, a compromised machine is only one of many in a botnet, and will be used to perform malicious tasks of one sort or another under remote direction.
Intrusion Detection System (IDS) – a device (or application) that monitors network and/or system activities for malicious activities or policy violations.
Intrusion Prevention System (IPS) – like an IDS, but the device can react, in real time, to block or prevent the unwanted activity.
Page 5: Definitions (continued)
Vulnerability – a weakness which allows an attacker to reduce a system's security.
Exploit – a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug, glitch, or vulnerability in order to cause unintended or unanticipated behavior to occur on computer systems.
Zero Day Threat – a computer threat that tries to exploit computer application vulnerabilities that are unknown to others, undisclosed to the software vendor, or for which no security fix is available.
Black Hat Hacker – a hacker who specializes in unauthorized penetration of computer networks. Black hats may use computers to attack systems for profit, for fun, for political motivations, or as part of a social cause.
White Hat Hacker – also known as an ethical hacker, or white knight; a computer security expert who specializes in penetration testing, and other testing methodologies, to ensure that a company's information systems are secure.
Page 6: Virus
A computer program that can copy itself and infect a computer.
Page 7: Worm
A self-replicating computer program. It uses a network to send copies of itself to other computers, usually without any user intervention.
Page 8: Polymorphic Code
A piece of code that uses a polymorphic engine to mutate while keeping the original algorithm intact. That is, the code changes itself each time it runs, but the function of the code as a whole does not change at all.
Page 9: Script Kiddie
A derogatory term used to describe those who use scripts or programs developed by others to attack computer systems.
Page 10: Operating System Components (diagram)
Kernel: CPU, Memory, File I/O, Device I/O
COM API, System API, Network Stack, Services
Applications, Processes
Page 11: OS with Cisco Security Agent (diagram)
Kernel: CPU, Memory, File I/O, Device I/O
COM API, System API, Network Stack, Services
Applications, Processes
Legend: the marked element in the figure = Cisco Security Agent "Shim"
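The diagram places the agent as a "shim" between the applications and the OS API they call. The C program below is an added illustration of that interposition idea and is not Cisco's code or an account of how the Cisco Security Agent is implemented: applications call the OS through a dispatch table, and the agent swaps in a wrapper that checks a policy before delegating to the real routine. The policy rule (deny writes under /etc), the table layout, and all function names are constructed for the example.

```c
#include <stdio.h>
#include <string.h>
#include <errno.h>

/* Hypothetical model of a host-agent shim: the application's view of the
 * OS API is a table of function pointers; the shim replaces an entry with a
 * policy-checking wrapper that delegates to the original routine. */

typedef FILE *(*open_fn)(const char *path, const char *mode);
typedef struct { open_fn open; } os_api_t;

static FILE *real_open(const char *path, const char *mode) {
    return fopen(path, mode);            /* the real OS routine */
}

static os_api_t os_api = { real_open };  /* table the applications call through */
static open_fn saved_open;               /* original entry, kept by the shim */
static int denied_count;                 /* audit counter for blocked calls */

/* Policy (constructed for the example): any write-mode open of a path under
 * /etc is denied; everything else, including reads, passes through. */
static int policy_allows(const char *path, const char *mode) {
    int is_write = strchr(mode, 'w') || strchr(mode, 'a') || strchr(mode, '+');
    if (is_write && strncmp(path, "/etc/", 5) == 0) return 0;
    return 1;
}

static FILE *shim_open(const char *path, const char *mode) {
    if (!policy_allows(path, mode)) {
        denied_count++;
        fprintf(stderr, "shim: denied open(%s, %s)\n", path, mode);
        errno = EACCES;                  /* application sees an ordinary failure */
        return NULL;
    }
    return saved_open(path, mode);       /* delegate to the real routine */
}

/* Install the shim; the application code does not change at all. */
void install_shim(void) {
    if (os_api.open == shim_open) return;   /* guard against double install */
    saved_open = os_api.open;
    os_api.open = shim_open;
}

/* "Application" code: writes through the API table, unaware of the shim. */
int app_write_note(const char *path, const char *text) {
    FILE *f = os_api.open(path, "w");
    if (!f) return -1;
    fputs(text, f);
    fclose(f);
    return 0;
}

int shim_denied_count(void) { return denied_count; }
```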
Page 12: Antivirus Components (diagram)
On-Demand Scan Engine
Real-Time Scan Engine
Heuristics Database
Applications, Processes
Page 13: Security Threat Components
References shown on the slide:
http://www.symantec.com/security_response/writeup.jsp?docid=2008-112203-2408-99&tabid=2
http://www.confickerworkinggroup.org/wiki/pmwiki.php/ANY/Timeline
http://www.confickerworkinggroup.org/wiki/pmwiki.php/ANY/FAQ
Page 14: Analysis
Check the Security Logs
Check the Event Viewer
Use the Diagnostics Tool
Use the Reset Agent Tool