
CompTIA Security+ Certification

Support Skills
1.2 Threats and Attacks

This courseware is copyrighted © 2015 gtslearning. No part of this courseware or any training material supplied by gtslearning International Limited to accompany
the courseware may be copied, photocopied, reproduced, or re-used in any form or by any means without permission in writing from a director of gtslearning
International Limited. Violation of these laws will lead to prosecution. All trademarks, service marks, products, or services are trademarks or registered trademarks
of their respective holders and are acknowledged by the publisher.
All gtslearning products are supplied on the basis of a single copy of a course per student. Additional resources that may be made available from gtslearning may
only be used in conjunction with courses sold by gtslearning. No material changes to these resources are permitted without express written permission by a director
of gtslearning. These resources may not be used in conjunction with content from any other supplier.
If you suspect that this course has been copied or distributed illegally, please telephone or email gtslearning.
Objectives
• Categorize vulnerabilities and threat agents and vectors
• Understand social engineering and phishing attacks
• Identify different types of malware and malware protection

Vulnerability, Threat, Risk
• Vulnerability - a weakness that could be triggered accidentally or exploited intentionally to cause a security breach
• Threat
o The potential for a threat agent or threat actor to "exercise" a vulnerability
o The path or tool used by the threat actor can be referred to as the threat vector
• Risk - the likelihood and impact (or consequence) of a threat actor exercising a vulnerability
• Control - a system or procedure put in place to mitigate risk
Types of Threat Agent (1)
• Hackers, Crackers, Black Hats, White Hats, and Script Kiddies
• External threats
o Agents / motivations
o Accidental / Malicious
o Structured / unstructured

Types of Threat Agent (2)
• Malicious insider
o Has or has had authorized access
o Employees, contractors, partners
o Sabotage, financial gain, business advantage
• Accidental
• Environmental
• Legal / commercial

Social Engineering (1)
• Impersonation
o Dominate or charm targets into revealing information or providing access
o Exploit “weak authentication” over telephone / IM / email
• Reasons for effectiveness
o Familiarity / Liking
o Consensus / Social Proof
o Authority and Intimidation
o Scarcity and Urgency

Social Engineering (2)
• “Dumpster-diving” for information (build trust)
• “Shoulder-surfing” password observation
• “Lunchtime Attack”
• “Tailgating” to gain entry

Phishing
• Using spoofed electronic communications to trick a user into providing confidential information
• Spoof emails or faked / hacked websites
• Vishing (VoIP or IM)
• Spear Phishing / Whaling (targeting senior management)
• Pharming (redirection)
• Watering Hole
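The spoofing the slide describes leaves traces in the message headers: a display name that claims one organization while the address sits on another domain, a sender domain that imitates the real one, and Return-Path or Reply-To domains that differ from the visible From. The following added example (not part of the courseware) is a small mail-gateway style check that scores those header inconsistencies together with the pressure language ("urgent", "verify your password") from the social-engineering slides. The organization's domain `example.com`, the lure phrase list and both sample messages are constructed assumptions for the example.

```python
import unicodedata
from email import message_from_string, policy
from email.utils import parseaddr

# Assumed for this example: the organization's own domain and a handful of
# lure phrases matching the pressure tactics listed on the slides.
OWN_DOMAIN = "example.com"
LURE_PHRASES = ("urgent", "immediately", "suspended", "verify your password", "wire transfer")
# Characters that commonly stand in for letters in look-alike domains.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def address_domain(header_value: str) -> str:
    """'IT Support <helpdesk@examp1e.com>' -> 'examp1e.com' (empty if no address)."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()


def normalize_domain(domain: str) -> str:
    """Fold accents, digit-for-letter swaps and the classic rn/vv pairs."""
    folded = unicodedata.normalize("NFKD", domain).encode("ascii", "ignore").decode()
    return folded.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; used to catch one-character typo-squats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain: str) -> bool:
    """True for domains that imitate OWN_DOMAIN without being it or a subdomain of it."""
    if not domain or domain == OWN_DOMAIN or domain.endswith("." + OWN_DOMAIN):
        return False
    norm = normalize_domain(domain)
    # "example.com.login-portal.net" embeds the brand; "exampie.com" is one edit away
    return OWN_DOMAIN in norm or levenshtein(norm, OWN_DOMAIN) <= 1


def phishing_indicators(raw_message: str) -> list[str]:
    """Return the list of header/subject inconsistencies found in one RFC 822 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    from_hdr = str(msg.get("From", ""))
    from_dom = address_domain(from_hdr)
    indicators = []

    display_name = parseaddr(from_hdr)[0].lower()
    if OWN_DOMAIN.split(".")[0] in display_name and from_dom != OWN_DOMAIN:
        indicators.append("display name claims our organization, address does not")
    if is_lookalike(from_dom):
        indicators.append(f"look-alike sender domain: {from_dom}")
    # Weak signal on its own: bulk-mail providers legitimately use their own bounce domain.
    rp_dom = address_domain(msg.get("Return-Path", ""))
    if rp_dom and rp_dom != from_dom:
        indicators.append(f"Return-Path domain {rp_dom} differs from From domain")
    reply_dom = address_domain(msg.get("Reply-To", ""))
    if reply_dom and reply_dom != from_dom:
        indicators.append(f"Reply-To domain {reply_dom} differs from From domain")
    subject = str(msg.get("Subject", "")).lower()
    lures = [p for p in LURE_PHRASES if p in subject]
    if lures:
        indicators.append("pressure language in subject: " + ", ".join(lures))
    return indicators


# Constructed sample messages for the example; not captured traffic.
SPOOFED = """\
Return-Path: <bounce@mailer-3391.net>
From: Example IT Support <helpdesk@examp1e.com>
Reply-To: Example IT Support <reset@account-verify.net>
Subject: URGENT: verify your password within 24 hours

Your mailbox will be suspended unless you confirm your credentials.
"""

LEGIT = """\
Return-Path: <it@example.com>
From: Example IT <it@example.com>
Subject: Scheduled maintenance on Saturday

The mail servers will be patched between 08:00 and 10:00.
"""

if __name__ == "__main__":
    for label, sample in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, phishing_indicators(sample))
```

Each indicator is deliberately weak by itself; a gateway would weight them and combine the score with SPF/DKIM/DMARC results, which this example does not evaluate.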
Mitigating Social Engineering
• What makes attacks effective?
o Authority
o Intimidation
o Consensus / social proof
o Scarcity
o Urgency
o Familiarity / liking
o Trust
• What makes attacks ineffective?
o Policy and standard procedures
o Education and training
o Accounting (auditing and surveillance)
Malware (1)
• Computer viruses
o Rely on some sort of host file
o Vector (executable, script, macro, boot sector)
o Payload

• Worms
o Propagate in memory / over network links
o Consume bandwidth
o May be able to compromise application or OS to deliver payload

• Logic bombs / fork bombs

Malware (2)
• Hoaxes
o Drive users to fake A-V
o Cause unnecessary support calls
o Use vendor sites to identify malware
• Spam / spit
o Unsolicited email
o Can be vector for malware
o Spit delivered over IM / VoIP

Trojans and Spyware (1)
• Trojans and botnets
o A malicious program concealed within a benign one
o Many are designed to provide covert surveillance or control of infected host
• Backdoors
o Backdoors may be opened by malicious software or from configuration oversight
• Spyware
o Allows attacker to record system configuration and user actions
o Key logging, screenshots, remote logging, etc.
• Adware
o Records some user activity but to lesser extent than spyware
o Uses cookies to deliver targeted adverts (based on user browsing behavior)
o Legitimate adware should make privacy policy obvious

Trojans and Spyware (2)
• Rootkits
o Replace key system files and utilities
o Most powerful operate with system- or kernel-level privileges

• Ransomware
o Nuisance (“lock out” user by replacing shell)
o Serious (encrypt data files or drives)

Preventing Malware
• Backups
• Apply OS / application patches
• Install malware protection software
o Update regularly
o Configure to run on-access
o Filter email / IM / websites
• Restrict system privileges
• Educate users
• Audit / continuous monitoring
• Keep up-to-date with threats

Anti-Virus Software
• Database of virus signatures
• Heuristic scanning
• Malware removal / quarantine
• A-V Resistance
o Stealth
o Modification
o Armor
o Retrovirus
o Slow and sparse infectors
o Metamorphic
Anti-spyware / Spam / Pop-ups
• Most “A-V” software protects against a range of malware and other threats
• Tools may be used against specific web threats
o Anti-spyware
o Anti-spam / junk mail filter
o Pop-up blockers

Removing Malware
• Use A-V software
o Automatically clean
o Quarantine (prevent user access)
o Delete host file and restore from backup
• Use vendor Knowledge Base
• Persistent rootkits may require drive format and OS reinstall
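The Anti-Virus Software and Removing Malware slides describe three mechanisms in one sentence each: a signature database, heuristic scanning, and quarantine. The added example below (written for this page, not taken from the courseware or any A-V vendor) shows how the three fit together in a toy on-demand scanner. The signature database holds only the public EICAR test string, which every real scanner detects and which is harmless; the heuristic indicator strings, their weights, the entropy threshold and the sample files are constructed assumptions for the example, and a `scan_directory` helper ties detection to quarantine so a detected file is moved out of the user's reach with a manifest entry for later restore.

```python
import hashlib
import math
import os
import shutil
import tempfile
from dataclasses import dataclass, field
from pathlib import Path

# Constructed signature database. Real products ship millions of entries;
# the EICAR string is the industry-standard harmless test pattern.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
BYTE_SIGNATURES = {"EICAR-Test-File": EICAR}
HASH_SIGNATURES = {hashlib.sha256(EICAR).hexdigest(): "EICAR-Test-File (hash)"}

# Heuristic indicators (assumed weights): strings often seen in malicious
# scripts. Each hit adds to a score; none is a detection by itself.
SUSPICIOUS_STRINGS = {
    b"-EncodedCommand": 3,
    b"FromBase64String": 2,
    b"DisableRealtimeMonitoring": 4,
}
HEURISTIC_THRESHOLD = 4


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 8.0 means a uniform byte distribution (packed/encrypted)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def signature_matches(data: bytes) -> list[str]:
    """Exact detection: byte-pattern signatures plus whole-file hash signatures."""
    hits = [name for name, pat in BYTE_SIGNATURES.items() if pat in data]
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        hits.append(HASH_SIGNATURES[digest])
    return hits


def heuristic_score(data: bytes) -> int:
    """Behavioural-style scoring for files no signature knows about."""
    score = sum(w for s, w in SUSPICIOUS_STRINGS.items() if s in data)
    # High entropy on a non-trivial file is a weak hint of packing; +2 only.
    if len(data) >= 256 and shannon_entropy(data) > 7.2:
        score += 2
    return score


@dataclass
class Verdict:
    malicious: bool
    reasons: list[str] = field(default_factory=list)


def scan(data: bytes) -> Verdict:
    reasons = [f"signature:{n}" for n in signature_matches(data)]
    score = heuristic_score(data)
    if score >= HEURISTIC_THRESHOLD:
        reasons.append(f"heuristic:score={score}")
    return Verdict(bool(reasons), reasons)


def quarantine_file(path: Path, qdir: Path) -> Path:
    """Move a detected file into the quarantine store and strip its permissions."""
    qdir.mkdir(parents=True, exist_ok=True)
    dest = qdir / (hashlib.sha256(path.read_bytes()).hexdigest() + ".quarantined")
    shutil.move(str(path), str(dest))
    os.chmod(dest, 0)  # the user can neither open nor execute it until restored
    # The manifest records the original location so a false positive can be restored.
    with (qdir / "manifest.txt").open("a") as manifest:
        manifest.write(f"{dest.name}\t{path}\n")
    return dest


def scan_directory(root: Path, qdir: Path) -> dict[str, Verdict]:
    """On-demand scan of a tree; qdir must lie outside root to avoid rescanning it."""
    results = {}
    for p in root.rglob("*"):
        if p.is_file():
            verdict = scan(p.read_bytes())
            results[str(p)] = verdict
            if verdict.malicious:
                quarantine_file(p, qdir)
    return results


def demo() -> tuple[dict[str, Verdict], list[str], list[str]]:
    """Scan a throwaway directory holding a benign note and the EICAR test file."""
    base = Path(tempfile.mkdtemp(prefix="avdemo_"))
    root, qdir = base / "files", base / "quarantine"
    root.mkdir()
    (root / "notes.txt").write_bytes(b"Quarterly budget notes, nothing to see.")
    (root / "eicar.com").write_bytes(EICAR)
    results = scan_directory(root, qdir)
    remaining = sorted(p.name for p in root.iterdir())
    quarantined = sorted(p.name for p in qdir.iterdir())
    return results, remaining, quarantined


if __name__ == "__main__":
    for path, verdict in demo()[0].items():
        print(path, verdict)
```

The split between `signature_matches` and `heuristic_score` mirrors the slide's A-V resistance list: modification and metamorphic techniques defeat the exact byte and hash signatures, which is why the heuristic layer exists, while armor and stealth aim at the heuristic layer instead. Quarantine rather than deletion keeps the evidence and allows restore from the manifest when a detection turns out to be a false positive.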

Review
• Categorize vulnerabilities and threat agents and vectors
• Understand social engineering and phishing attacks
• Identify different types of malware and malware protection

Labs
• Lab 2 / Trojans and Malware Protection
