#10. Understanding S/W Exploitation

SECURITY SYSTEM

AGENDA
 Understanding S/W Exploitation

Understanding Software
Exploitation
 Phage Virus
 A phage virus modifies and alters other
programs and databases. The virus infects
all of these files. The only way to remove
this virus is to reinstall the programs that are
infected.
 If you miss even a single incident of this
virus on the victim system, the process will
start again and infect the system once more.
 Polymorphic Virus
 Polymorphic viruses change form in order to avoid
detection. These types of viruses attack
your system, display a message on your
computer, and delete files on your
system. The virus will attempt to hide
from your antivirus software. Frequently,
the virus will encrypt parts of itself to
avoid detection. When the virus does this,
it’s referred to as mutation.
 The mutation process makes it hard for
antivirus software to detect common
characteristics of the virus. Figure 2.18
shows a polymorphic virus changing its
characteristics to avoid detection. In this
example, the virus changes a signature to
fool antivirus software.
 Retrovirus
 A retrovirus attacks or bypasses the
antivirus software installed on a computer.
You can consider a retrovirus to be an anti-
antivirus. Retroviruses can directly attack
your antivirus software and potentially
destroy the virus definition database file.
Destroying this information without your
knowledge would leave you with a false
sense of security. The virus may also
directly attack an antivirus program to create
bypasses for itself.
 Stealth Virus
 A stealth virus attempts to avoid detection
by masking itself from applications. It may
attach itself to the boot sector of the hard
drive. When a system utility or program
runs, the stealth virus redirects commands
around itself in order to avoid detection. An
infected file may report a file size different
from what is actually present in order to
avoid detection.
 Virus Transmission in a Network
 Upon infection, some viruses destroy the
target system immediately. The saving grace
is that the infection can be detected and
corrected. Some viruses won’t destroy or
otherwise tamper with a system; they use
the victim system as a carrier.
 The victim system then infects servers,
file shares, and other resources with the
virus. The carrier then infects the target
system again. Until the carrier is identified
and cleaned, the virus continues to harass
systems in this network and spread.
 Identifying Hoaxes
 Network users have plenty of real viruses
to worry about. Yet some people find it
entertaining to issue phony threats to keep
people on their toes. Some of the more
popular hoaxes that have been passed
around are the Good Time and the Irina
viruses. Millions of users received e-mails
about these two viruses, and the symptoms
sounded awful.
 While spam is not truly a virus or a hoax,
it is one of the most annoying things an
administrator can contend with. Spam is
defined as any unwanted, unsolicited e-mail,
and not only can the sheer volume of it be
irritating, it can often open the door to larger
problems. Some of the sites advertised in
spam may be infected with viruses, worms,
and other unwanted programs. If users
begin to respond to spam by visiting those
sites, then your problems will only multiply.
 Trojan Horses
 Trojan horses are programs that enter a
system or network under the guise of
another program. A Trojan horse may be
included as an attachment or as part of an
installation program.
 The Trojan horse could create a back
door or replace a valid program during
installation. It would then accomplish its
mission under the guise of another program.
Trojan horses can be used to compromise
the security of your system, and they can
exist on a system for years before they’re
detected.
 The best preventive measure for Trojan
horses is to not allow them entry into your
system. Immediately before and after you
install a new software program or operating
system, back it up! If you suspect a Trojan
horse, you can reinstall the original
programs, which should delete the Trojan
horse. A port scan may also reveal a Trojan
horse on your system. If an application
opens a TCP or UDP port that isn’t regularly
used in your network, you can notice this
and begin corrective action.
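As an added example that is not part of the original slides: a small Python check in the spirit of the port-scan advice above. It parses constructed `ss -ltnup`-style output (the sample lines, the process names and the expected-port baseline are all assumptions) and reports listeners that are not in the baseline, which is the kind of unexpected TCP or UDP port the text says should trigger corrective action.

```python
import re

# Constructed sample in the format of `ss -ltnup` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      511    0.0.0.0:443        0.0.0.0:*         users:(("nginx",pid=1201,fd=6))
tcp   LISTEN 0      5      0.0.0.0:31337      0.0.0.0:*         users:(("unknownsvc",pid=4401,fd=3))
udp   UNCONN 0      0      0.0.0.0:123        0.0.0.0:*         users:(("chronyd",pid=640,fd=5))
udp   UNCONN 0      0      [::]:5555          [::]:*            users:(("updater",pid=4402,fd=4))
"""

# Hypothetical baseline: the (protocol, port) pairs this host is expected to expose.
EXPECTED_LISTENERS = {("tcp", 22), ("tcp", 443), ("udp", 123)}

# One socket line: protocol, state, queues, local addr:port, peer, then the owning process.
LINE_RE = re.compile(
    r'^(tcp|udp)\s+\S+\s+\d+\s+\d+\s+\S+:(\d+)\s+\S+\s+users:\(\("([^"]+)",pid=(\d+)'
)


def parse_listeners(text):
    """Return (proto, port, process, pid) for every socket line that parses."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            proto, port, proc, pid = m.groups()
            found.append((proto, int(port), proc, int(pid)))
    return found


def unexpected_listeners(text, expected=EXPECTED_LISTENERS):
    """Listeners whose (proto, port) is absent from the baseline: candidates for review."""
    return [entry for entry in parse_listeners(text) if (entry[0], entry[1]) not in expected]


if __name__ == "__main__":
    for proto, port, proc, pid in unexpected_listeners(SAMPLE_SS_OUTPUT):
        print(f"unexpected {proto}/{port} opened by {proc} (pid {pid})")
```

On a real host the baseline would come from a build document or a golden image, and the input from the live `ss` output rather than a constant.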
 Logic Bombs
 Logic bombs are programs or snippets of
code that execute when a certain predefined
event occurs. A bomb may send a note to
an attacker when a user is logged on to the
Internet and is using a word processor. This
message informs the attacker that the user
is ready for an attack.
 Worms
 A worm is different from a virus in that it
can reproduce itself, it’s self-contained, and
it doesn’t need a host application to be
transported. Many of the so-called viruses
that have made the papers and media
were, in actuality, worms and not viruses.
However, it’s possible for a worm to contain
or deliver a virus to a target system.
 The Melissa virus (which was actually a
worm) spread itself to more than 100,000
users in a relatively short period when it first
came out, according to CERT. One site
received more than 32,000 copies of the
Melissa virus in a 45-minute period.
 Worms by their nature and origin are
supposed to propagate and will use
whatever services they’re capable of to do
that. Early worms filled up memory and bred
inside the RAM of the target computer.
Worms can use TCP/IP, e-mail, Internet
services, or any number of means to reach
their target.
 Antivirus Software
 The primary method of preventing the
propagation of malicious code involves the use of
antivirus software. Antivirus software is an
application that is installed on a system to protect
it and to scan for viruses as well as worms and
Trojan horses. Most viruses have characteristics
that are common to families of virus. Antivirus
software looks for these characteristics, or
fingerprints, to identify and neutralize viruses
before they impact you.
 The number of viruses (worms, bombs, and other
malicious codes) was expected to top 1 million by 2009. The
antivirus software manufacturer will usually work
very hard to keep the definition database files
current. The definition database file contains all
of the known viruses and countermeasures for a
particular antivirus software product. If we keep
the virus definition database files in our software
up-to-date, we probably won’t be overly
vulnerable to attacks.
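Added example, not code from the slides or from any antivirus product: a toy fingerprint scanner in Python. The fingerprints, family names and sample files are all constructed for illustration; the point it shows is the one made above, that a scanner only catches what its definition database describes, so a sample of a newer variant is missed until the definitions are updated.

```python
import hashlib

# Constructed "definition database": family name -> byte fingerprint.
# These patterns are made up for the example; they are not real malware signatures.
DEFINITIONS_V1 = {
    "ExampleFamily.A": b"\x4d\x5a\x90\x00EXAMPLE_FAMILY_A_MARKER",
}
# A later definition update that adds the fingerprint for a newer variant.
DEFINITIONS_V2 = {**DEFINITIONS_V1, "ExampleFamily.B": b"EXAMPLE_FAMILY_B_MARKER\x00\x01\x02"}


def scan_bytes(data, definitions):
    """Return the names of every family whose fingerprint occurs in data."""
    return sorted(name for name, fingerprint in definitions.items() if fingerprint in data)


def scan_file(path, definitions):
    """Scan one file; the hash lets an incident record identify the exact sample."""
    with open(path, "rb") as fh:
        data = fh.read()
    return {"path": path, "sha256": hashlib.sha256(data).hexdigest(),
            "matches": scan_bytes(data, definitions)}


# Constructed samples: a benign document, a known sample, and a newer variant.
CLEAN = b"just a text document with nothing interesting in it"
SAMPLE_A = b"header" + DEFINITIONS_V1["ExampleFamily.A"] + b"trailer"
SAMPLE_B = b"header" + DEFINITIONS_V2["ExampleFamily.B"] + b"trailer"

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("sample A", SAMPLE_A), ("sample B", SAMPLE_B)):
        print(f"{label}: old definitions {scan_bytes(blob, DEFINITIONS_V1)}, "
              f"updated definitions {scan_bytes(blob, DEFINITIONS_V2)}")
```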
 The second method of preventing viruses is
education. Teach your users not to open
suspicious files and to open only those files that
they’re reasonably sure are virus free. They need
to scan every disk, e-mail, and document they
receive before they open them.
 Understanding Social Engineering
 In the
previous sections, you learned how attacks
work. You also learned about TCP/IP and
some of its vulnerabilities. And you were
exposed to the issues that your users will face
so you can help them from a technical
perspective. A key method of attack that you
must guard against is called social
engineering.
 Social engineering is a process in which an
attacker attempts to acquire information about
your network and system by social means, such
as talking to people in the organization. A social
engineering attack may occur over the phone, by
e-mail, or in person. The intent is to acquire
access information, such as user IDs and
passwords.
 With social engineering, the villain doesn’t
always have to be seen or heard to conduct the
attack. The use of e-mail was mentioned earlier,
and in recent years, the frequency of attacks via
instant messaging has also increased. Attackers
can send infected files over Instant Messaging
(IM) as easily as they can over e-mail. A recent
virus on the scene accesses a user’s IM client
and uses the infected user’s buddy list to send
messages to other users and infect their
machines as well.
 Phishing is a form of social engineering in which
you simply ask someone for a piece of
information that you are missing by making it
look as if it is a legitimate request. An e-mail
might look as if it is from a bank and contain
some basic information, such as the user’s
name.
 In the e-mail, it will often state that there is a
problem with the person’s account or access
privileges. They will be told to click a link to
correct the problem. After they click the link—
which goes to a site other than the bank’s—they
are asked for their username, password, account
information, and so on. The person instigating the
phishing can then use the values entered there to
access the legitimate account.
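An added example (not from the slides) of the kind of check a mail gateway or awareness tool can run on the scenario described above: it extracts the links from a constructed phishing-style e-mail and flags any whose real target is not the bank's domain, or whose visible URL text differs from where the link actually goes. The domain `examplebank.com`, the sample HTML and the addresses in it are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical: the only domain the (fictional) bank really sends mail from.
LEGIT_DOMAINS = {"examplebank.com"}
# Constructed sample e-mail body in the style of the phishing message described above.
SAMPLE_EMAIL = """
<p>Dear John Doe, there is a problem with your account access privileges.</p>
<p>Please <a href="http://examplebank.com.verify-account.example.net/login">click here</a> to correct it.</p>
<p>Or go to <a href="http://198.51.100.23/secure">https://www.examplebank.com/secure</a></p>
<p>Questions? <a href="https://www.examplebank.com/help">Help center</a></p>
"""

class _LinkCollector(HTMLParser):
    # Collects (href, visible text) pairs for every <a> element in the body.
    def __init__(self):
        super().__init__()
        self.links, self._current = [], None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href", ""), ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append(tuple(self._current))
            self._current = None

def _registered_domain(host):
    # Last two labels of the hostname; a simplification that ignores public-suffix rules.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def suspicious_links(html, legit_domains=LEGIT_DOMAINS):
    """Return (href, visible_text, reason) for links that do not lead where they claim."""
    collector = _LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        text = text.strip()
        host = urlparse(href).hostname or ""
        if _registered_domain(host) not in legit_domains:
            findings.append((href, text, f"target host {host} is not a sender domain"))
        elif text.startswith("http") and (urlparse(text).hostname or "") != host:
            findings.append((href, text, "visible URL differs from the real target"))
    return findings
```

The first sample link shows the common trick of putting the bank's name in a subdomain of an unrelated site, which a glance at the start of the URL would miss.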
 The only preventive measure in dealing with
social engineering attacks is to educate your
users and staff to never give out passwords and
user IDs to anyone.