Security+ Guide to Network
Security Fundamentals, Third
Edition
Chapter 2
Systems Threats and Risks
Security+ Guide to Network Security Fundamentals, Third Edition
Objectives
• Define Malicious Software (Malware)
• Describe the different types of Malware:
– Infecting Malware (viruses and worms)
– Concealing Malware (trojan horses, rootkits, logic
bombs, and privilege escalation)
– Malware for Profit (spam, spyware, and botnets)
Software-Based Attacks
• Malicious software, or malware
– Software that enters a computer system without the
owner’s knowledge or consent
– Malware is a general term that refers to a wide variety
of damaging or annoying software
• The three primary objectives of malware
– To infect a computer system
– Conceal the malware’s malicious actions
– Bring profit from the actions that it performs
Infecting Malware
• Viruses
– Programs that secretly attach to another document or
program and execute when that document or program
is opened
– Once a virus infects a computer, it performs two
separate tasks
• Replicates itself by spreading to other computers
• Activates its malicious payload
– Cause problems ranging from displaying an annoying
message to erasing files from a hard drive or causing
a computer to crash repeatedly
Infecting Malware (continued)
• Types of computer viruses
– File infector virus
– Resident virus
– Boot virus
– Companion virus
– Macro virus
– Metamorphic virus
– Polymorphic virus
Infecting Malware (continued)
• Worm
– Program designed to take advantage of a vulnerability
in an application or an operating system in order to
enter a system
– Worms are different from viruses in two regards:
• A worm can travel by itself
• A worm does not require any user action to begin its
execution
– Actions that worms have performed: deleting files on
the computer; allowing the computer to be remote-controlled
by an attacker
Concealing Malware
• Trojan Horse (or Trojan)
– Program advertised as performing one activity but
actually does something else
– Trojan horse programs are typically executable
programs that contain hidden code that attacks the
computer system
• Rootkit
– A set of software tools used by an intruder to break
into a computer, obtain special privileges to perform
unauthorized functions, and then hide all traces of its
existence
Concealing Malware (continued)
• Rootkit (continued)
– The rootkit’s goal is to hide the presence of other
types of malicious software
– Rootkits function by replacing operating system
commands with modified versions
• That are specifically designed to ignore malicious
activity so it can escape detection
– Detecting a rootkit can be difficult
– Removing a rootkit from an infected computer is
extremely difficult
• You need to reformat the hard drive and reinstall the
operating system
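The slide's point that rootkits work by replacing operating system commands with modified versions is exactly what file-integrity checking is built to catch. The Python below is an added example and is not from the textbook: it records a SHA-256 baseline for a set of monitored command files on a clean system and later reports any that changed or disappeared. The directory, file names and file contents are constructed for the demonstration.

```python
import hashlib
import os
import tempfile


def sha256_of(path):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(directory, names):
    """Record a known-good digest per monitored command (run on a clean system)."""
    return {name: sha256_of(os.path.join(directory, name)) for name in names}


def check_integrity(directory, baseline):
    """Compare current digests with the baseline.

    A changed digest on a command such as ps or netstat is the classic sign of a
    user-mode rootkit that swapped the binary for one that hides its activity.
    """
    modified, missing = [], []
    for name, expected in baseline.items():
        path = os.path.join(directory, name)
        if not os.path.exists(path):
            missing.append(name)
        elif sha256_of(path) != expected:
            modified.append(name)
    return {"modified": sorted(modified), "missing": sorted(missing)}


def demo():
    """Constructed scenario: a fake bin directory, then one command is replaced
    and another removed, as a rootkit installer might do."""
    monitored = ["ls", "ps", "netstat"]
    with tempfile.TemporaryDirectory() as bin_dir:
        for name in monitored:
            with open(os.path.join(bin_dir, name), "wb") as handle:
                handle.write(b"original " + name.encode())
        baseline = build_baseline(bin_dir, monitored)

        # Simulate a trojanized ps and a deleted netstat after the baseline was taken.
        with open(os.path.join(bin_dir, "ps"), "wb") as handle:
            handle.write(b"modified ps that hides processes")
        os.remove(os.path.join(bin_dir, "netstat"))

        return check_integrity(bin_dir, baseline)


if __name__ == "__main__":
    print(demo())
```

Because a rootkit that has reached the kernel can also lie to the program doing the hashing, the baseline belongs off the machine and the check should be run from trusted boot media; that limitation is why the slide ends with reformat-and-reinstall as the removal step.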
Concealing Malware (continued)
• Logic bomb
– A computer program or a part of a program that lies
dormant until it is triggered by a specific logical event
– Once triggered, the program can perform any number
of malicious activities
– Logic bombs are extremely difficult to detect before
they are triggered
Concealing Malware (continued)
• Privilege escalation
– Exploiting a vulnerability in software to gain access to
resources that the user would normally be restricted
from obtaining
– Types of privilege escalation:
• When a user with a lower privilege uses privilege
escalation to access functions reserved for higher
privilege users
• When a user with restricted privileges accesses the
different restricted functions of a similar user
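The two types on the slide are commonly called vertical escalation (a lower-privilege user reaching functions reserved for higher-privilege users) and horizontal escalation (a restricted user reaching another equal user's restricted functions). The Python below is an added example, not code from the textbook: it contrasts an authorization check that looks only at the role, which stops the first type but permits the second, with one that also checks record ownership. The users, roles and record are constructed for the demonstration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    name: str
    role: str  # "user" or "admin"


@dataclass(frozen=True)
class Record:
    record_id: int
    owner: str  # name of the user the record belongs to


# Functions reserved for higher-privilege users (constructed list).
ADMIN_ONLY_ACTIONS = {"delete_any", "change_roles"}


def role_only_check(user, record, action):
    """Flawed check: consults the role only.

    Blocks vertical escalation (a plain user cannot run admin-only actions) but
    allows horizontal escalation, because any user may act on any other user's
    record; ownership is never consulted.
    """
    if action in ADMIN_ONLY_ACTIONS:
        return user.role == "admin"
    return True


def full_check(user, record, action):
    """Hardened check: role test for admin-only actions (vertical) plus an
    ownership test for per-user records (horizontal)."""
    if action in ADMIN_ONLY_ACTIONS:
        return user.role == "admin"
    return user.role == "admin" or record.owner == user.name


# Constructed principals and data.
ALICE = User("alice", "user")
BOB = User("bob", "user")
CAROL = User("carol", "admin")
BOB_RECORD = Record(7, "bob")


def compare_checks():
    """Return the decision of both checks for each scenario, keyed by description."""
    cases = {
        "alice reads bob's record": (ALICE, BOB_RECORD, "read"),
        "bob reads own record": (BOB, BOB_RECORD, "read"),
        "alice runs delete_any": (ALICE, BOB_RECORD, "delete_any"),
        "carol runs delete_any": (CAROL, BOB_RECORD, "delete_any"),
    }
    return {
        label: {"role_only": role_only_check(*args), "full": full_check(*args)}
        for label, args in cases.items()
    }


if __name__ == "__main__":
    for label, result in compare_checks().items():
        print(f"{label}: role_only={result['role_only']} full={result['full']}")
```

The first scenario is the one that matters: the role-only check lets Alice read Bob's record, which is horizontal escalation, while the hardened check denies it; both checks agree on the vertical cases.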
Malware for Profit
• Spam
– Unsolicited e-mail
– Sending spam is a lucrative business
– Costs involved for spamming:
• E-mail addresses
• Equipment and Internet connection
– Text-based spam messages can easily be trapped
by special filters
– Image spam uses graphical images of text in order to
avoid text-based filters
Malware for Profit (continued)
• Other techniques used by spammers include:
– GIF layering
– Word splitting
– Geometric variance
Malware for Profit (continued)
• Image spam cannot be easily filtered based on the
content of the message
• To detect image spam, one approach is to examine
the context of the message and create a profile,
asking questions such as:
– Who sent the message?
– What is known about the sender?
– Where does the user go if she responds to this e-mail?
– What is the nature of the message content?
– How is the message technically constructed?
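An added Python example (not from the textbook) that puts two of the slides' points side by side: the earlier observation that text-based filters easily trap text spam but are avoided by image spam, and the context-profile approach listed just above, which scores the questions about the sender, where the links lead, and how the message is technically constructed. The spam phrases, trusted domain, weights, threshold and the three sample messages are all constructed for the demonstration.

```python
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed configuration for the example.
SPAM_TERMS = ("free money", "act now", "lottery winner")
KNOWN_DOMAINS = {"corp.example"}  # senders the organisation already trusts
SUSPICION_THRESHOLD = 3


@dataclass
class Message:
    sender: str
    text: str          # body text after stripping HTML
    image_count: int   # number of embedded images
    links: list        # URLs found in the body


def text_filter(msg):
    """Text-based filter: flag when a known spam phrase appears in the body.
    Image spam carries its pitch inside a picture, so this sees nothing."""
    body = msg.text.lower()
    return any(term in body for term in SPAM_TERMS)


def context_profile(msg):
    """Answer the slide's profile questions and turn them into a suspicion score."""
    sender_domain = msg.sender.rsplit("@", 1)[-1].lower()
    profile = {}
    # Who sent the message? What is known about the sender?
    profile["unknown_sender"] = sender_domain not in KNOWN_DOMAINS
    # Where does the user go if she responds to this e-mail?
    link_hosts = {(urlparse(url).hostname or "").lower() for url in msg.links}
    profile["links_to_untrusted_host"] = any(h not in KNOWN_DOMAINS for h in link_hosts)
    # What is the nature of the content, and how is it technically constructed?
    # An image with almost no accompanying text is the signature of image spam.
    profile["image_only_body"] = msg.image_count > 0 and len(msg.text.split()) < 5
    weights = {"unknown_sender": 2, "links_to_untrusted_host": 2, "image_only_body": 3}
    profile["score"] = sum(weights[key] for key, hit in profile.items() if hit)
    return profile


def is_image_spam_suspect(msg):
    """Decision based on context rather than on the words in the message."""
    return context_profile(msg)["score"] >= SUSPICION_THRESHOLD


# Constructed sample messages.
TEXT_SPAM = Message("promo@random-deals.example", "FREE MONEY! Act now!", 0,
                    ["http://random-deals.example/win"])
IMAGE_SPAM = Message("news@bulk-sender.example", "", 1,
                     ["http://bulk-sender.example/buy"])
LEGIT = Message("alice@corp.example",
                "Meeting notes attached, screenshot of the dashboard inside.", 1,
                ["https://corp.example/wiki"])

if __name__ == "__main__":
    for label, msg in (("text spam", TEXT_SPAM), ("image spam", IMAGE_SPAM), ("legit", LEGIT)):
        print(f"{label}: text_filter={text_filter(msg)} "
              f"context_suspect={is_image_spam_suspect(msg)} "
              f"profile={context_profile(msg)}")
```

The text filter catches the first message and misses the second entirely, while the context profile flags both and leaves the legitimate message (known sender, link back to the same domain, real text alongside its image) at a score of zero.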
Malware for Profit (continued)
• Spyware
– A general term used for describing software that
imposes upon a user’s privacy or security
• Antispyware Coalition defines spyware as:
– Technologies that are deployed without the user’s
consent and weaken the user’s control over:
• Use of their system resources, including what programs
are installed on their computers
• Collection, use, and distribution of their personal or
other sensitive information
• Material changes that affect their user experience,
privacy, or system security
Malware for Profit (continued)
• Spyware has two characteristics that make it very
dangerous
– Spyware creators are motivated by profit
• Spyware is often more intrusive than viruses, harder
to detect, and more difficult to remove
– Spyware is not always easy to identify
• Spyware is very widespread
• Although attackers use several different spyware
tools
– The two most common are adware and keyloggers
Malware for Profit (continued)
• Adware
– A software program that delivers advertising content
in a manner that is unexpected and unwanted by the
user
• Adware can be a security risk
– Many adware programs perform a tracking function
• Monitors and tracks a user’s activities
• Sends a log of these activities to third parties without
the user’s authorization or knowledge
Malware for Profit (continued)
• Keylogger
– A small hardware device or a program that monitors
each keystroke a user types on the computer’s
keyboard
– As the user types, the keystrokes are collected and
saved as text
• As a hardware device, a keylogger is a small device
inserted between the keyboard connector and
computer keyboard port
Malware for Profit (continued)
• Software keyloggers
– Programs that silently capture all keystrokes,
including passwords and sensitive information
– Hide themselves so that they cannot be easily
detected even if a user is searching for them
Malware for Profit (continued)
• Botnets
– When hundreds, thousands, or even tens of
thousands of zombie computers are under the control
of an attacker
– Zombie: An infected computer with a program that will
allow the attacker to remotely control it
– Attackers use Internet Relay Chat (IRC) to remotely
control the zombies
– The attacker is known as a bot herder
Summary
• Malicious software (malware) is software that enters
a computer system without the owner’s knowledge or
consent
• Infecting malware includes computer viruses and
worms
• Ways to conceal malware include Trojan horses
(Trojans), rootkits, logic bombs, and privilege
escalation
• Malware with a profit motive includes spam, spyware,
and botnets