Security+ Guide to Network
Security Fundamentals, Third
Edition
Chapter 2
Systems Threats and Risks
Objectives
• Define Malicious Software (Malware)
• Describe the different types of Malware:
– Infecting Malware (viruses and worms)
– Concealing Malware (trojan horses, rootkits, logic
bombs, and privilege escalation)
– Malware for Profit (spam, spyware, and botnets)
Software-Based Attacks
• Malicious software, or malware
– Software that enters a computer system without the
owner’s knowledge or consent
– Malware is a general term that refers to a wide variety
of damaging or annoying software
• The three primary objectives of malware
– To infect a computer system
– Conceal the malware’s malicious actions
– Bring profit from the actions that it performs
Infecting Malware
• Viruses
– Programs that secretly attach to another document or
program and execute when that document or program
is opened
– Once a virus infects a computer, it performs two
separate tasks
• Replicates itself by spreading to other computers
• Activates its malicious payload
– Cause problems ranging from displaying an annoying
message to erasing files from a hard drive or causing
a computer to crash repeatedly
Infecting Malware (continued)
• Types of computer viruses
– File infector virus
– Resident virus
– Boot virus
– Companion virus
– Macro virus
– Metamorphic viruses
– Polymorphic viruses
Infecting Malware (continued)
• Worm
– Program designed to take advantage of a vulnerability
in an application or an operating system in order to
enter a system
– Worms are different from viruses in two regards:
• A worm can travel by itself
• A worm does not require any user action to begin its
execution
– Actions that worms have performed: deleting files on
the computer; allowing the computer to be remote-
controlled by an attacker
Concealing Malware
• Trojan Horse (or Trojan)
– Program advertised as performing one activity but
actually does something else
– Trojan horse programs are typically executable
programs that contain hidden code that attacks the
computer system
• Rootkit
– A set of software tools used by an intruder to break
into a computer, obtain special privileges to perform
unauthorized functions, and then hide all traces of its
existence
Concealing Malware (continued)
• Rootkit (continued)
– The rootkit’s goal is to hide the presence of other
types of malicious software
– Rootkits function by replacing operating system
commands with modified versions
• That are specifically designed to ignore malicious
activity so it can escape detection
– Detecting a rootkit can be difficult
– Removing a rootkit from an infected computer is
extremely difficult
• You need to reformat the hard drive and reinstall the
operating system
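The slide describes rootkits that replace operating system commands with modified versions. One defensive check a practitioner would want here is a file-integrity comparison against a baseline taken from a known-clean install. The Python below is an added example, not code from the textbook; the paths and file contents are constructed stand-ins, and in practice the baseline is recorded once from trusted media and kept off the monitored machine.

```python
import hashlib
from typing import Dict

# Constructed stand-ins for the contents of a few system command binaries.
# On a real host these are the files on disk; the baseline hashes are taken
# from a known-clean install and stored read-only or on another system.
CLEAN_BINARIES: Dict[str, bytes] = {
    "/bin/ls": b"ELF\x02 ls: list directory contents v1.0",
    "/bin/ps": b"ELF\x02 ps: report process status v1.0",
    "/bin/netstat": b"ELF\x02 netstat: print network connections v1.0",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_baseline(files: Dict[str, bytes]) -> Dict[str, str]:
    """Record a hash for every monitored command while the system is trusted."""
    return {path: sha256_hex(content) for path, content in files.items()}


def check_integrity(baseline: Dict[str, str], current: Dict[str, bytes]) -> Dict[str, str]:
    """Compare the current files against the baseline.

    Returns path -> finding for anything that does not match:
      'modified'   the file exists but its hash differs from the baseline
      'missing'    a baselined command is gone
      'unexpected' a path is present that was never baselined
    An empty dict means every monitored command is unchanged.
    """
    findings: Dict[str, str] = {}
    for path, expected in baseline.items():
        if path not in current:
            findings[path] = "missing"
        elif sha256_hex(current[path]) != expected:
            findings[path] = "modified"
    for path in current:
        if path not in baseline:
            findings[path] = "unexpected"
    return findings


def simulate_tampered_system() -> Dict[str, bytes]:
    """Constructed 'after' state: ps and netstat swapped for versions that omit
    the attacker's processes and connections, as the slide describes."""
    tampered = dict(CLEAN_BINARIES)
    tampered["/bin/ps"] = b"ELF\x02 ps: report process status v1.0 [omits hidden pids]"
    tampered["/bin/netstat"] = b"ELF\x02 netstat: print network connections v1.0 [omits hidden ports]"
    return tampered


if __name__ == "__main__":
    baseline = build_baseline(CLEAN_BINARIES)
    for path, finding in sorted(check_integrity(baseline, simulate_tampered_system()).items()):
        print(f"{finding:10} {path}")
```

This catches a user-level rootkit that swaps ls, ps or netstat for modified copies. A rootkit that hooks the kernel can feed the hashing tool false file contents, so the check should be run from trusted boot media, and even then the slide's advice to reformat and reinstall is the only sure remedy.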
Concealing Malware (continued)
• Logic bomb
– A computer program or a part of a program that lies
dormant until it is triggered by a specific logical event
– Once triggered, the program can perform any number
of malicious activities
– Logic bombs are extremely difficult to detect before
they are triggered
Concealing Malware (continued)
• Privilege escalation
– Exploiting a vulnerability in software to gain access to
resources that the user would normally be restricted
from obtaining
– Types of privilege escalation:
• When a user with a lower privilege uses privilege
escalation to access functions reserved for higher
privilege users
• When a user with restricted privileges accesses the
restricted functions of another user with similar privileges
Malware for Profit
• Spam
– Unsolicited e-mail
– Sending spam is a lucrative business
– Costs involved for spamming:
• E-mail addresses
• Equipment and Internet connection
– Text-based spam messages can easily be trapped
by special filters
– Image spam uses graphical images of text in order to
avoid text-based filters
Malware for Profit (continued)
• Other techniques used by spammers include:
– GIF layering
– Word splitting
– Geometric variance
Malware for Profit (continued)
• Image spam cannot be easily filtered based on the
content of the message
• To detect image spam, one approach is to examine
the context of the message and create a profile,
asking questions such as:
– Who sent the message?
– What is known about the sender?
– Where does the user go if she responds to this e-mail?
– What is the nature of the message content?
– How is the message technically constructed?
Malware for Profit (continued)
• Spyware
– A general term used for describing software that
imposes upon a user’s privacy or security
• The Anti-Spyware Coalition defines spyware as:
– Technologies that are deployed without the user’s
consent and weaken the user’s control over:
• Use of their system resources, including what programs
are installed on their computers
• Collection, use, and distribution of their personal or
other sensitive information
• Material changes that affect their user experience,
privacy, or system security
Malware for Profit (continued)
• Spyware has two characteristics that make it very
dangerous
– Spyware creators are motivated by profit
• Spyware is often more intrusive than viruses, harder
to detect, and more difficult to remove
– Spyware is not always easy to identify
• Spyware is very widespread
• Attackers use several different spyware tools
– The two most common are adware and keyloggers
Malware for Profit (continued)
• Adware
– A software program that delivers advertising content
in a manner that is unexpected and unwanted by the
user
• Adware can be a security risk
– Many adware programs perform a tracking function
• Monitors and tracks a user’s activities
• Sends a log of these activities to third parties without
the user’s authorization or knowledge
Malware for Profit (continued)
• Keylogger
– A small hardware device or a program that monitors
each keystroke a user types on the computer’s
keyboard
– As the user types, the keystrokes are collected and
saved as text
• As a hardware device, a keylogger is a small device
inserted between the keyboard connector and
computer keyboard port
Malware for Profit (continued)
• Software keyloggers
– Programs that silently capture all keystrokes,
including passwords and sensitive information
– Hide themselves so that they cannot be easily
detected even if a user is searching for them
Malware for Profit (continued)
• Botnets
– When hundreds, thousands, or even tens of
thousands of zombie computers are under the control
of an attacker
– Zombie: An infected computer with a program that will
allow the attacker to remotely control it
– Attackers use Internet Relay Chat (IRC) to remotely
control the zombies
– The attacker is known as a bot herder
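The slide says zombies are controlled over IRC, and a botnet leaves a characteristic trace on the network: many internal hosts all connecting to the same external host, often on the standard IRC ports (6667 plain, 6697 over TLS). The Python below is an added example, not from the textbook, that runs that check over constructed flow-log lines. The internal address ranges, the log format and the fan-in threshold are assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network
from typing import Dict, List, Set, Tuple

# Assumed internal ranges and thresholds for this example.
INTERNAL = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
IRC_PORTS = {6667, 6697}   # standard IRC and IRC-over-TLS ports
FAN_IN_THRESHOLD = 3       # distinct internal hosts talking to one external endpoint

# Constructed flow log: "<time> <src_ip> <dst_ip> <dst_port> <proto>".
# 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges, used here as externals.
FLOW_LOG = """\
2024-01-01T10:00:01 10.0.0.5  203.0.113.10  6667 tcp
2024-01-01T10:00:02 10.0.0.6  203.0.113.10  6667 tcp
2024-01-01T10:00:03 10.0.0.7  203.0.113.10  6667 tcp
2024-01-01T10:00:04 10.0.0.8  203.0.113.10  6667 tcp
2024-01-01T10:00:05 10.0.0.5  198.51.100.20  443 tcp
2024-01-01T10:00:06 10.0.0.9  198.51.100.20  443 tcp
2024-01-01T10:00:07 10.0.0.11 198.51.100.30 6667 tcp
2024-01-01T10:00:08 10.0.0.5  10.0.0.1        53 udp
"""

Flow = Tuple[str, str, str, int, str]


def parse_flows(text: str) -> List[Flow]:
    """Split the whitespace-separated log into (time, src, dst, dport, proto) tuples."""
    flows: List[Flow] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, proto = line.split()
        flows.append((ts, src, dst, int(dport), proto))
    return flows


def is_internal(ip: str) -> bool:
    return any(ip_address(ip) in net for net in INTERNAL)


def find_rendezvous(flows: List[Flow], fan_in: int = FAN_IN_THRESHOLD) -> List[Dict]:
    """Flag external endpoints that look like a command-and-control rendezvous.

    An endpoint is reported when it sits on an IRC port, or when at least
    `fan_in` distinct internal hosts connect to it (the zombie fan-in pattern);
    an endpoint can carry both reasons. Internal-to-internal flows are ignored.
    """
    sources: Dict[Tuple[str, int], Set[str]] = defaultdict(set)
    for _ts, src, dst, dport, _proto in flows:
        if is_internal(src) and not is_internal(dst):
            sources[(dst, dport)].add(src)

    findings: List[Dict] = []
    for (dst, dport), hosts in sources.items():
        reasons = []
        if dport in IRC_PORTS:
            reasons.append("irc-port")
        if len(hosts) >= fan_in:
            reasons.append("fan-in")
        if reasons:
            findings.append({"dst": dst, "dport": dport, "hosts": len(hosts),
                             "sources": sorted(hosts), "reasons": reasons})
    # Most-connected endpoints first: those are the ones to investigate first.
    findings.sort(key=lambda f: (-f["hosts"], f["dst"], f["dport"]))
    return findings


if __name__ == "__main__":
    for f in find_rendezvous(parse_flows(FLOW_LOG)):
        print(f"{f['dst']}:{f['dport']} hosts={f['hosts']} reasons={','.join(f['reasons'])}")
```

In the constructed log, 203.0.113.10:6667 is flagged on both counts (four internal hosts and an IRC port), the single host reaching 198.51.100.30:6667 is flagged on the port alone, and two hosts using a web server on 443 stay below the fan-in threshold. Because herders can run IRC on any port, the fan-in rule is the more durable signal of the two.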
Summary
• Malicious software (malware) is software that enters
a computer system without the owner’s knowledge or
consent
• Infecting malware includes computer viruses and
worms
• Ways to conceal malware include Trojan horses
(Trojans), rootkits, logic bombs, and privilege
escalation
• Malware with a profit motive includes spam, spyware,
and botnets