Desktop Security
After completing this lesson, you should be able to do the following:
• Describe the different types of software and hardware attacks
• List types of desktop defences
• Explain how to recover from an attack
Attacks on Desktop Computers
• Most attacks fall into two categories
  – Malicious software attacks
  – Attacks on hardware
Malicious Software Attacks
• Malware
  – Wide variety of damaging or annoying attack software
  – Enters a computer system without the owner’s knowledge or consent
• Primary objectives of malware
  – Infect a computer system with destructive software
  – Conceal a malicious action
Infecting Malware
• Viruses
  – Malicious program that needs a “carrier” to survive
  – Two carriers
    • Program or document
    • User
Infecting Malware (cont’d.)
• Viruses have performed the following functions:
  – Caused a computer to crash repeatedly
  – Erased files from a hard drive
  – Installed hidden programs, such as stolen software, which is then secretly distributed from the computer
  – Made multiple copies of itself and consumed all of the free space in a hard drive
  – Reduced security settings and allowed intruders to remotely access the computer
  – Reformatted the hard disk drive
Infecting Malware (cont’d.)
• Types of computer viruses
  – File infector
  – Resident
  – Boot
  – Companion
  – Macro
  – Polymorphic
Infecting Malware (cont’d.)
• Worms
  – Take advantage of a vulnerability in an application or an operating system
  – Enter a system
  – Deposit their payload
  – Immediately search for another computer that has the same vulnerability
Infecting Malware (cont’d.)
• Different from a virus
  – Does not require program or user
• Actions that worms have performed include
  – Deleting files on the computer
  – Allowing the computer to be remote-controlled by an attacker
Concealing Malware
• Trojan horse (or just Trojan)
  – Program advertised as performing one activity but actually does something else
  – Typically executable programs that contain hidden code that attacks the computer system
Concealing Malware (cont’d.)
• Rootkit
  – Set of software tools
  – Used to break into a computer, obtain special privileges to perform unauthorized functions
  – Goal is not to damage a computer directly
  – Go to great lengths to ensure that they are not detected and removed
  – Replace operating system commands with modified versions that are specifically designed to ignore malicious activity
  – Detecting a rootkit can be difficult
Concealing Malware (cont’d.)
• Logic bomb
  – Computer program or a part of a program that lies dormant until it is triggered by a specific logical event
  – Once triggered, performs malicious activities
  – Extremely difficult to detect before they are triggered
Concealing Malware (cont’d.)
• Zombie
  – Infected “robot” computer
• Botnet
  – Hundreds, thousands, or tens of thousands of zombies
• Internet Relay Chat (IRC)
  – Used to remotely control the zombies
• Number of zombies and botnets is staggering
Hardware Attacks
• Types of hardware that are targeted include
  – BIOS
  – USB devices
  – Mobile phones
  – Physical theft of laptop computers and information
BIOS
• Basic Input/Output System (BIOS)
  – Coded program embedded on the processor chip
  – Recognizes and controls different devices on the computer system
• PROM (Programmable Read Only Memory) chip
  – Newer computers
  – Flashing the BIOS
    • Reprogramming
USB Devices
• USB (universal serial bus)
• Small, lightweight, removable, and contain rewritable storage
• Common types
  – USB flash memory
  – MP3 players
• Primary targets of attacks to spread malware
• Allow spies or disgruntled employees to copy and steal sensitive corporate data
USB Devices (cont’d.)
• Reduce the risk introduced by USB devices
  – Prohibit by written policy
  – Disable with technology
    • Disable the USB in hardware
    • Disable the USB through the operating system
    • Use third-party software
Mobile Phones
• Portable communication devices
• Rapidly replacing wired telephones
• Types of attacks
  – Lure users to malicious Web sites
  – Infect a mobile phone
  – Launch attacks on other mobile phones
  – Access account information
  – Abuse the mobile phone service
Physical Theft
• Portable laptop computers are particularly vulnerable to theft
• Data can be retrieved from a hard drive by an attacker even after its file has been deleted
Desktop Defences
• Defences include:
  – Managing patches
  – Installing antivirus software
  – Using buffer overflow protection
  – Protecting against theft
  – Creating data backups
Managing Patches
• Patch
  – Software security update intended to cover vulnerabilities that have been discovered after the program was released
Managing Patches (cont’d.)
• Automatic update configuration options for most operating systems
  – Install updates automatically
  – Download updates but let me choose when to install them
  – Check for updates but let me choose whether to download and install them
  – Never check for updates
Antivirus Software
• Scan a computer’s hard drive for infections
• Monitor computer activity
• Examine all new documents that might contain a virus
• Drawback of AV software
  – Must be continuously updated to recognize new viruses
• Should be configured to constantly monitor for viruses and automatically check for updated signature files
Buffer Overflow Protection
• Buffer overflow
  – Occurs when a computer process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer
  – May cause computer to stop functioning
• Windows-based system protection
  – Data Execution Prevention (DEP)
  – Address Space Layout Randomization (ASLR)
Buffer Overflow Protection (cont’d.)
Buffer overflow attack
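
Added example (not part of the original slides): a small C model of the definition above, where a store that trusts the caller's length runs past a fixed-length buffer and overwrites the data next to it, shown beside a store that checks the length first. The memory layout, the names `struct ram`, `store_unchecked` and `store_checked`, and the sample input are all constructed for illustration; the writes stay inside one 16-byte array so the program is well defined.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN 8   /* the fixed-length storage buffer */
#define RAM_LEN 16  /* the buffer plus the 8 bytes stored right after it */

/* Constructed layout: bytes 0..7 are the buffer, bytes 8..15 hold
 * unrelated data that happens to sit next to it in memory. */
struct ram { unsigned char bytes[RAM_LEN]; };

static void ram_init(struct ram *m) {
    memset(m->bytes, 0, BUF_LEN);
    memcpy(m->bytes + BUF_LEN, "ADJACENT", 8);
}

/* Flawed store: never compares n with BUF_LEN (clamped to RAM_LEN only to
 * keep this demo defined). Returns how many bytes landed past the buffer. */
static size_t store_unchecked(struct ram *m, const void *src, size_t n) {
    if (n > RAM_LEN) n = RAM_LEN;
    memcpy(m->bytes, src, n);
    return n > BUF_LEN ? n - BUF_LEN : 0;
}

/* Corrected store: refuses input that does not fit in the buffer. */
static int store_checked(struct ram *m, const void *src, size_t n) {
    if (n > BUF_LEN) return -1;
    memcpy(m->bytes, src, n);
    return 0;
}

static int adjacent_intact(const struct ram *m) {
    return memcmp(m->bytes + BUF_LEN, "ADJACENT", 8) == 0;
}

int main(void) {
    const char input[] = "0123456789AB";  /* constructed 12-byte input */
    struct ram m;

    ram_init(&m);
    size_t spilled = store_unchecked(&m, input, 12);
    printf("unchecked: %zu bytes past the buffer, adjacent intact=%d\n",
           spilled, adjacent_intact(&m));

    ram_init(&m);
    int rc = store_checked(&m, input, 12);
    printf("checked:   rc=%d, adjacent intact=%d\n", rc, adjacent_intact(&m));
    return 0;
}
```

The length check removes the bug itself; DEP and ASLR, listed on the previous slide, make an overflow harder to exploit but do not stop the out-of-bounds write.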
Protecting Against Theft
• Applies to laptops especially
• Device lock
  – Steel cable and a lock
• Software tracking system
Creating Data Backups
• Copying data from a computer’s hard drive onto other digital media
  – Then storing it in a secure location
• Sophisticated hardware and software can back up data on a regular schedule
• Personal computer users
  – Operating system functions
  – Third-party software
Creating Data Backups (cont’d.)
• What information to back up
  – Back up only user files
  – Back up all files
• Frequency of backups
  – Regular schedule
• RAID (Redundant Array of Independent Drives)
  – Uses multiple hard disk drives for increased reliability
  – Several RAID configurations
    • Called levels
Creating Data Backups (cont’d.)
• Backup storage media
  – Temporary media should not be used
  – Alternatives
    • Portable USB hard drives
    • Network Attached Storage (NAS)
    • Internet services
    • Disc storage
Creating Data Backups (cont’d.)
• Location of backup storage
  – Protect against not only virus attacks but also against hardware malfunctions, user error, software corruption, and natural disasters
  – Backups ideally should be stored in a location away from the device that contains the information
Recovering from an Attack
• Basic steps to perform
  – Disconnect
  – Identify
  – Disinfect
  – Recheck
  – Reinstall
  – Analyze
Summary
• Malicious software (malware)
  – Enters a computer system without the owner’s knowledge or consent
  – Includes a wide variety of damaging or annoying software
  – Infecting malware
  – Concealing malware
• Hardware is also the target of attackers
• Tactics for defending desktop systems
• Basic steps to disinfect and restore a computer