Security System 1 - 10

  • 8/14/2019 Security System 1 - 10

    SECURITY SYSTEM

    #10. Understanding S/W Exploitation

    AGENDA

    Understanding S/W Exploitation

    Understanding Software Exploitation

    Phage Virus

    A phage virus modifies and alters other programs and databases. The virus infects all of these files. The only way to remove this virus is to reinstall the programs that are infected. If you miss even a single instance of this virus on the victim system, the process will start again and infect the system once more.

    Polymorphic Virus

    Polymorphic viruses change form in order to avoid detection. These types of viruses attack your system, display a message on your computer, and delete files on your system. The virus will attempt to hide from your antivirus software. Frequently, the virus will encrypt parts of itself to avoid detection, using a different key for each new copy so that no two copies share the same byte sequence; only the small decryption routine stays constant from one copy to the next. When the virus does this, it is referred to as mutation.

    Retrovirus

    A retrovirus attacks or bypasses the antivirus software installed on a computer. You can consider a retrovirus to be an anti-antivirus. Retroviruses can directly attack your antivirus software and potentially destroy the virus definition database file. Destroying this information without your knowledge would leave you with a false sense of security. The virus may also directly attack an antivirus program to create bypasses for itself.

    Stealth Virus

    A stealth virus attempts to avoid detection by masking itself from applications. It may attach itself to the boot sector of the hard drive. When a system utility or program runs, the stealth virus intercepts the file and disk requests and redirects them around itself, answering with clean-looking data, in order to avoid detection. An infected file may therefore report a file size different from what is actually present.
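Both the retrovirus above (which may wipe the definition database) and the stealth virus (which may misreport a file's size) are caught by the same control: an integrity baseline of cryptographic hashes taken while the files are known-good, re-checked later. The following is an added example, not part of the original slides; the file names, contents and the simulated "infection" are all constructed for the demonstration.

```python
"""Detect file tampering with a hash baseline instead of trusting reported sizes.

Added illustration (not from the slides). A stealth virus can lie about a
file's size and a retrovirus can corrupt an antivirus definition database,
so the defender compares every file against a baseline of SHA-256 hashes
taken when the files were known-good. All sample files are constructed in
a temporary directory for the demonstration.
"""
import hashlib
import os
import tempfile


def hash_file(path: str) -> str:
    """SHA-256 of a file's contents, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: str) -> dict:
    """Record size and SHA-256 for every regular file under root."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            baseline[rel] = {"size": os.path.getsize(path), "sha256": hash_file(path)}
    return baseline


def verify_baseline(root: str, baseline: dict) -> dict:
    """Compare the tree against the baseline.

    Returns {"modified": [...], "missing": [...], "new": [...]}. A file whose
    size matches but whose hash differs is still reported: that is exactly
    the case a size-only check (or a size lied about by a stealth virus) misses.
    """
    current = build_baseline(root)
    report = {"modified": [], "missing": [], "new": []}
    for rel, expected in baseline.items():
        actual = current.get(rel)
        if actual is None:
            report["missing"].append(rel)
        elif actual["sha256"] != expected["sha256"]:
            report["modified"].append(rel)
    report["new"] = sorted(set(current) - set(baseline))
    return report


def demo() -> dict:
    """Build a baseline, tamper with files the way the slides describe, re-check."""
    with tempfile.TemporaryDirectory() as root:
        app = os.path.join(root, "app.exe")
        defs = os.path.join(root, "virusdefs.dat")
        # Constructed sample files: a program and an AV definition database.
        with open(app, "wb") as f:
            f.write(b"MZ" + b"\x90" * 62 + b"original code")
        with open(defs, "wb") as f:
            f.write(b"SIG:phage=DEADBEEF\nSIG:stealth=CAFEBABE\n")
        baseline = build_baseline(root)

        # Stealth-style infection: same length, different bytes.
        with open(app, "wb") as f:
            f.write(b"MZ" + b"\x90" * 62 + b"infected code")
        # Retrovirus-style attack: the definition database is wiped.
        os.remove(defs)
        # A dropped file that was never in the baseline.
        with open(os.path.join(root, "dropper.tmp"), "wb") as f:
            f.write(b"payload")

        return {
            "report": verify_baseline(root, baseline),
            # What a size-only check would have concluded about app.exe.
            "app_size_unchanged": os.path.getsize(app) == baseline["app.exe"]["size"],
        }


if __name__ == "__main__":
    print(demo())
```

The baseline itself must be stored off the host (or at least signed), since a virus that can rewrite the definition database can rewrite an unprotected baseline file just as easily.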

    Virus Transmission in a Network

    Upon infection, some viruses destroy the target system immediately. The saving grace is that such an infection is noticed quickly, so it can be detected and corrected. Some viruses won't destroy or otherwise tamper with a system; they use the victim system as a carrier to spread to other hosts on the network.

    Identifying Hoaxes

    Network users have plenty of real viruses to worry about. Yet some people find it entertaining to issue phony threats to keep people on their toes. Some of the more popular hoaxes that have been passed around are the Good Times and the Irina viruses. Millions of users received e-mails about these two viruses, and the symptoms sounded awful.

    While spam is not truly a virus or a hoax, it is one of the most annoying things an administrator can contend with. Spam is defined as any unwanted, unsolicited e-mail, and not only can the sheer volume of it be irritating, it can often open the door to larger problems. Some of the sites advertised in spam may be infected with viruses, worms, and other unwanted programs. If users begin to respond to spam by visiting those sites, then your problems will only multiply.

    Trojan Horses

    Trojan horses are programs that enter a system or network under the guise of another program. A Trojan horse may be included as an attachment or as part of an installation program.

    The Trojan horse could create a backdoor or replace a valid program during installation. It would then accomplish its mission under the guise of another program. Trojan horses can be used to compromise the security of your system, and they can exist on a system for years before they're detected.

    The best preventive measure for Trojan horses is to not allow them entry into your system. Immediately before and after you install a new software program or operating system, back it up! If you suspect a Trojan horse, you can reinstall the original programs from known-good media, which should delete the Trojan horse. A port scan may also reveal a Trojan horse on your system. If an application opens a TCP or UDP port that isn't regularly used in your network, you can notice this and begin corrective action.
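An added example of the port check described above, not from the original slides: it parses listener lines in the format of Linux `ss -tulnp` (the sample output, process names and PIDs are constructed for the demonstration) and reports any (protocol, port) pair that is missing from an allowlist the administrator maintains for that host.

```python
"""Flag listening ports that are not on the host's allowlist.

Added example (not from the slides). It parses constructed output in the
format of Linux `ss -tulnp` and compares each listener with an allowlist
of (protocol, port) pairs the site expects. The sample lines, process
names and PIDs are invented for the demonstration.
"""
import re
from typing import Iterable

# Constructed sample: what `ss -tulnp` prints on a host with one unexpected listener.
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      511    0.0.0.0:443         0.0.0.0:*         users:(("nginx",pid=905,fd=6))
udp   UNCONN 0      0      0.0.0.0:68          0.0.0.0:*         users:(("dhclient",pid=611,fd=6))
tcp   LISTEN 0      10     0.0.0.0:31337       0.0.0.0:*         users:(("updater",pid=4242,fd=5))
tcp   LISTEN 0      128    [::]:22             [::]:*            users:(("sshd",pid=812,fd=4))
"""

# Allowlist: the only listeners this host is supposed to have (assumed for the demo).
EXPECTED_LISTENERS = {("tcp", 22), ("tcp", 443), ("udp", 68)}

_PROC_RE = re.compile(r'"([^"]+)",pid=(\d+)')


def parse_ss(output: str) -> list:
    """Return one dict per listener: proto, port, address, process, pid."""
    listeners = []
    for line in output.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 5:
            continue
        proto, local = fields[0], fields[4]
        address, port = local.rsplit(":", 1)  # handles both 0.0.0.0:22 and [::]:22
        m = _PROC_RE.search(line)
        listeners.append({
            "proto": proto,
            "port": int(port),
            "address": address,
            "process": m.group(1) if m else None,
            "pid": int(m.group(2)) if m else None,
        })
    return listeners


def unexpected_listeners(listeners: Iterable[dict], allowlist: set) -> list:
    """Listeners whose (proto, port) pair is not on the allowlist."""
    return [l for l in listeners if (l["proto"], l["port"]) not in allowlist]


def audit(output: str = SAMPLE_SS_OUTPUT, allowlist: set = EXPECTED_LISTENERS) -> list:
    """Run the check and return the suspicious entries."""
    return unexpected_listeners(parse_ss(output), allowlist)


if __name__ == "__main__":
    for entry in audit():
        print(f"unexpected {entry['proto']}/{entry['port']} on {entry['address']} "
              f"by {entry['process']} (pid {entry['pid']})")
```

This is the host's own view of its sockets. A kernel-level rootkit can hide a socket from `ss` on the compromised machine, which is why the slide's external port scan (for example with nmap from another host) remains a useful second view: a port that answers from outside but does not appear locally is itself a finding.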

    Worms

    A worm is different from a virus in that it can reproduce itself, it's self-contained, and it doesn't need a host application to be transported. Many of the so-called viruses that have made the papers and media were, in actuality, worms and not viruses. However, it's possible for a worm to contain or deliver a virus to a target system.

    The Melissa virus (which was actually a worm) spread itself to more than 100,000 users in a relatively short period when it first came out, according to CERT. One site received more than 32,000 copies of the Melissa virus in a 45-minute period.

    Worms by their nature and origin are supposed to propagate and will use whatever services they're capable of to do that. Early worms filled up memory and bred inside the RAM of the target computer. Worms can use TCP/IP, e-mail, Internet services, or any number of means to reach their target.

    Antivirus Software

    The primary method of preventing the propagation of malicious code involves the use of antivirus software. Antivirus software is an application that is installed on a system to protect it and to scan for viruses as well as worms and Trojan horses. Most viruses have characteristics that are common to families of viruses. Antivirus software looks for these characteristics, or fingerprints, to identify and neutralize viruses before they impact you.

    The number of viruses (worms, bombs, and other malicious code) was expected to top 1 million by 2009. The antivirus software manufacturer will usually work very hard to keep the definition database files current. The definition database file contains all of the known viruses and countermeasures for a particular antivirus software product. If we keep the virus definition database files in our software up-to-date, we probably won't be overly vulnerable to attacks from known malware; a signature database says nothing about a virus it has never seen.
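The following added example (not from the slides) ties the polymorphic-virus slide to the fingerprint matching described here: a toy definition database, a scanner that matches byte patterns and file hashes, a "polymorphic" wrapper that XOR-encrypts a constructed sample payload under a fresh key so that each copy looks different, and the usual countermeasure of undoing that cheap transformation before matching. The payload, the signature name and the decoder stub are all invented for the demonstration; none of it is real malware.

```python
"""Signature scanning, and why a polymorphic encoder defeats a naive signature.

Added example (not from the slides). A small "definition database" holds
byte-pattern fingerprints; `scan` looks for them and for known-bad hashes.
`polymorphic_variant` wraps the same constructed payload in a fresh
single-byte XOR "encryption" each time, so every generation has different
bytes and the static signature no longer matches. `scan_with_xor_unwrapping`
shows the countermeasure: recognise the constant decoder stub, undo the
XOR, and scan the decoded body. Payload, signatures and stub are invented.
"""
import hashlib
import os
from typing import Optional

# Constructed sample "malicious" payload and the fingerprint an AV vendor might
# extract from it. Real definition databases hold many patterns plus hashes.
SAMPLE_PAYLOAD = b"\x55\x89\xe5DEMO-PAYLOAD-DO-NOT-PANIC\xc9\xc3"
DEFINITION_DB = {
    "Demo.Payload.A": b"DEMO-PAYLOAD",  # byte-pattern fingerprint
}
KNOWN_BAD_HASHES = {hashlib.sha256(SAMPLE_PAYLOAD).hexdigest(): "Demo.Payload.A"}

# Constant decoder stub that precedes the encrypted body in every variant.
# In this toy format it is literal text; in a real virus it is machine code.
DECODER_STUB = b"XORDEC:"


def scan(data: bytes, db: dict = DEFINITION_DB) -> list:
    """Names of every signature whose pattern occurs in data, plus hash hits."""
    hits = [name for name, pattern in db.items() if pattern in data]
    digest = hashlib.sha256(data).hexdigest()
    if digest in KNOWN_BAD_HASHES:
        hits.append(KNOWN_BAD_HASHES[digest] + " (hash)")
    return hits


def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def polymorphic_variant(payload: bytes, key: Optional[int] = None) -> bytes:
    """Produce one 'generation': constant stub + key byte + XOR-encrypted body."""
    if key is None:
        key = os.urandom(1)[0] or 0x5A  # avoid key 0, which would not mutate anything
    return DECODER_STUB + bytes([key]) + xor_bytes(payload, key)


def scan_with_xor_unwrapping(data: bytes, db: dict = DEFINITION_DB) -> list:
    """Static scan, then detect the stub, undo the XOR, and scan the body too."""
    hits = scan(data, db)
    idx = data.find(DECODER_STUB)
    if idx != -1 and len(data) > idx + len(DECODER_STUB):
        key = data[idx + len(DECODER_STUB)]
        body = xor_bytes(data[idx + len(DECODER_STUB) + 1:], key)
        hits += [h + " (decoded)" for h in scan(body, db)]
    return hits


def demo() -> dict:
    """Compare static and unwrapping scans on the plain payload and two variants."""
    v1 = polymorphic_variant(SAMPLE_PAYLOAD, key=0x41)
    v2 = polymorphic_variant(SAMPLE_PAYLOAD, key=0x9C)
    return {
        "variants_differ": v1 != v2,
        "plain": scan(SAMPLE_PAYLOAD),
        "variant_static": scan(v1),
        "variant_unwrapped": scan_with_xor_unwrapping(v1),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The point the slides make in prose is visible in the output: the plain payload matches both by pattern and by hash, the mutated copy matches neither, and only a scanner that understands the decoder (here trivially; in practice through emulation or behavioural monitoring) recovers the detection. That is also why definition updates alone are not enough against a family that re-encrypts itself on every infection.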

    Understanding Social Engineering

    In the previous sections, you learned how attacks work. You also learned about TCP/IP and some of its vulnerabilities. And you were exposed to the issues that your users will face so you can help them from a technical perspective. A key method of attack that you must guard against is called social engineering.

    Social engineering is a process in which an attacker attempts to acquire information about your network and system by social means, such as talking to people in the organization. A social engineering attack may occur over the phone, by e-mail, or in person. The intent is to acquire access information, such as user IDs and passwords.

    With social engineering, the villain doesn't always have to be seen or heard to conduct the attack. The use of e-mail was mentioned earlier, and in recent years, the frequency of attacks via instant messaging has also increased. Attackers can send infected files over Instant Messaging (IM) as easily as they can over e-mail. A recent virus on the scene accesses a user's IM client and uses the infected user's buddy list to send messages to other users and infect their machines as well.

    Phishing is a form of social engineering in which you simply ask someone for a piece of information that you are missing by making it look as if it is a legitimate request. An e-mail might look as if it is from a bank and contain some basic information, such as the user's name.

    In the e-mail, it will often state that there is a problem with the person's account or access privileges. They will be told to click a link to correct the problem. After they click the link, which goes to a site other than the bank's, they are asked for their username, password, account information, and so on. The person instigating the phishing can then use the values entered there to access the legitimate account.
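An added example (not from the slides) of how a mail gateway, or a careful reader, can check for the phishing pattern just described: extract every link from the message, compare the real host behind it with the domain the sender claims to be, and flag links whose visible text names a different host than the one the link actually goes to. The bank domain examplebank.com, the lookalike hosts and the message text are constructed for the demonstration.

```python
"""Spot the phishing pattern the slides describe: a 'bank' e-mail whose link
goes somewhere other than the bank.

Added example (not from the slides). It extracts every anchor from a
constructed HTML message, compares the link's real host with the domain the
sender claims to be, and flags links whose visible text shows a different
host than the href. The sender domain, hosts and message are all invented.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample. The message claims to come from examplebank.com,
# a hypothetical bank domain used only for this demonstration.
CLAIMED_SENDER_DOMAIN = "examplebank.com"
SAMPLE_EMAIL_HTML = """\
<p>Dear Alice,</p>
<p>There is a problem with your account access privileges.</p>
<p>Please <a href="http://examplebank.com.verify-login.example.net/acct">
sign in at https://www.examplebank.com</a> to correct the problem.</p>
<p>Statements: <a href="https://www.examplebank.com/statements">statements</a></p>
<p>Help: <a href="http://203.0.113.9/help">https://help.examplebank.com</a></p>
"""


class _LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None


def host_of(url: str) -> str:
    """Lower-cased host of a URL, or '' if it does not parse as one."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def belongs_to(host: str, domain: str) -> bool:
    """True only for the domain itself or a real subdomain, not for a host
    such as 'examplebank.com.evil.example.net' that merely starts with it."""
    return host == domain or host.endswith("." + domain)


def analyze_links(html: str, claimed_domain: str = CLAIMED_SENDER_DOMAIN) -> list:
    """Return one finding per suspicious link: (href, list of reasons)."""
    parser = _LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        reasons = []
        real_host = host_of(href)
        if not belongs_to(real_host, claimed_domain):
            reasons.append(f"href host {real_host!r} is not under {claimed_domain}")
        # If the visible text ends in something that looks like a URL or host,
        # it must agree with where the link really goes.
        shown_host = host_of(text.split()[-1]) if text else ""
        if shown_host and "." in shown_host and shown_host != real_host:
            reasons.append(f"visible text shows {shown_host!r} but link goes to {real_host!r}")
        if reasons:
            findings.append((href, reasons))
    return findings


if __name__ == "__main__":
    for href, reasons in analyze_links(SAMPLE_EMAIL_HTML):
        print(href)
        for reason in reasons:
            print("   -", reason)
```

The `belongs_to` check is the part people get wrong: a plain "starts with the bank's name" test would accept `examplebank.com.verify-login.example.net`, which is exactly how the lookalike in the sample is built. The same logic applies to the address a user reads in the browser bar after clicking.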

    The primary preventive measure in dealing with social engineering attacks is to educate your users and staff to never give out passwords and user IDs to anyone. Legitimate IT staff never need a user's password, so any request for one, whoever it claims to come from, should be treated as an attack and reported.